216.73.216.170

CVE-2024-36486

· Published 03/06/2025 10:15 · Modified 04/06/2025 14:54

Labels: CVE-2024-36486 2025-06-03CVE-2024-36486CWE-62[email protected]

Essential information

Published
03/06/2025 10:15
Modified
04/06/2025 14:54
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
parallels / parallels desktop cpe:2.3:a:parallels:parallels_desktop:20.1.1:*:*:*:*:*:*:*

References