Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation.
AnalysisAI
Privilege escalation vulnerability in Parallels Desktop for Mac version 20.1.1 (build 55740) affecting the Snapshot deletion functionality. A local attacker with standard user privileges can exploit a symlink race condition to manipulate root-owned snapshot files, escalating privileges to root. The vulnerability has a CVSS score of 7.8 (high severity) with low attack complexity, and while specific KEV/EPSS data is not provided, the low complexity and local attack vector suggest moderate real-world exploitation probability.
Technical ContextAI
The vulnerability exists in Parallels Desktop's snapshot management system, specifically in the root service that handles snapshot deletion and file ownership verification. The root cause is classified under CWE-708 (Incorrect Ownership Assignment), indicating improper validation of file ownership before modifying it. When a snapshot is deleted, a privileged service performs ownership modifications without adequate checks for symlink attacks. An attacker can create symbolic links pointing to arbitrary files owned by root, and when the snapshot deletion routine processes these links without validating their target, the ownership is transferred to a lower-privilege user. This is a classic privilege escalation pattern exploiting the TOCTOU (Time-of-Check-Time-of-Use) race condition between ownership verification and modification. CPE notation would be: cpe:2.7:a:parallels:parallels_desktop:20.1.1:*:*:*:*:macos:*:*
RemediationAI
Parallels has not provided public patch information in the available data. Recommended actions: (1) Upgrade to a version beyond 20.1.1 once patches are released by Parallels; (2) Check Parallels advisory channels (parallels.com/products/desktop/support) for available security updates; (3) As a temporary mitigation, restrict local user access to systems running Parallels Desktop 20.1.1 to trusted users only; (4) Monitor snapshot deletion operations and file ownership changes in system logs; (5) Disable snapshot functionality if not actively needed until patching is possible. Parallels customers should contact support at https://www.parallels.com/support for official patch availability and timeline.
More in Parallels Desktop
View allDirectory traversal vulnerability in Parallels Desktop for Mac version 20.2.2 (build 55879) affecting the PVMP package u
Privilege escalation vulnerability in Parallels Desktop for Mac version 20.1.1 (build 55740) where the snapshot function
Privilege escalation vulnerability in Parallels Desktop for Mac 20.1.1 that allows a local attacker with user-level priv
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. R
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Deskt
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-4
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-4
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-4
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-4
Same weakness CWE-708 – Incorrect Ownership Assignment
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2024-54641