Platform: macos
Component: toolgate
Fixed in: 18.0.3
CVE-2023-27326 is a directory traversal vulnerability discovered in Parallels Desktop. This flaw allows a local attacker to escalate privileges on affected systems by manipulating file paths. The vulnerability impacts Parallels Desktop versions 18.0.2 (build 53077) and is addressed in a subsequent release. Users are advised to upgrade to the latest available version to mitigate this risk.
Successful exploitation of CVE-2023-27326 allows a local attacker to escalate privileges on the affected macOS system. This means an attacker who already has some level of access to the system can leverage this vulnerability to gain root or administrator-level privileges. The attacker could then execute arbitrary code, modify system files, install malware, or compromise the confidentiality and integrity of the entire system. The vulnerability requires the attacker to first have the ability to execute high-privileged code on the target guest system, limiting the immediate attack surface but still posing a significant risk in compromised environments.
CVE-2023-27326 was publicly disclosed on May 3, 2024. There is no indication of active exploitation campaigns at this time. No public proof-of-concept (PoC) code has been released, but the nature of directory traversal vulnerabilities suggests that a PoC is likely to emerge. The vulnerability has been added to the CISA KEV catalog, indicating a potential risk to federal information systems.
Users of Parallels Desktop running version 18.0.2 (53077) on macOS are at direct risk. This includes individuals and organizations utilizing Parallels Desktop for running virtual machines, particularly those with less stringent security practices or those who routinely grant high privileges to guest operating systems.
• macos: Use ls -l to check file permissions and ownership in directories accessible by the Toolgate component. Look for unexpected files or directories.
ls -l /path/to/toolgate/directory
• macos: Monitor system logs (Console.app) for unusual file access attempts or errors related to the Toolgate component. Filter for keywords like 'directory traversal' or 'path manipulation'.
• macos: Use ktrace to trace system calls made by the Toolgate process and identify suspicious file access patterns.
ktrace -p <toolgate_process_id>
• macos: Examine the Autoruns registry keys associated with Parallels Desktop for any unusual or unexpected entries that might indicate malicious activity.
Exploit status
EPSS: 2.77% (86th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2023-27326 is to upgrade to a patched version of Parallels Desktop. Parallels has released a fix, and users are strongly advised to apply it as soon as possible. If immediate upgrading is not feasible, consider restricting access to the Toolgate component and implementing strict file access controls. While a direct WAF rule is unlikely to be effective due to the local nature of the vulnerability, monitoring system logs for suspicious file access attempts related to Toolgate can provide early warning signs of potential exploitation. After upgrading, confirm the fix by attempting to access restricted files via the vulnerable path and verifying that access is denied.
Upgrade Parallels Desktop to a version later than 18.0.2 (53077) to fix the privilege escalation vulnerability. See the vendor's website for the latest version and upgrade instructions.
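To check whether a Mac is still below the fixed release named on this page (18.0.3), the script below is an added example; it is not from Parallels or from the original page. It assumes the default install path, that the bundle's CFBundleShortVersionString carries the product version, and that any version below 18.0.3 should be upgraded even though the page names only 18.0.2 (53077) as affected; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): flag Parallels Desktop installs below 18.0.3.
FIXED_VERSION="18.0.3"   # "Fixed in" value from this page
# Assumption: default install location of the application bundle.
PD_PLIST="/Applications/Parallels Desktop.app/Contents/Info.plist"

# normalize_version "18.0.2 (53077)" prints "18.0.2"; prints nothing if no version found.
normalize_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# version_lt A B: exit status 0 when A < B, comparing three numeric components.
version_lt() {
    a="$1.0.0"; b="$2.0.0"   # pad so short versions like "19" have three fields
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# classify_version prints needs-upgrade, patched, or unknown.
classify_version() {
    v=$(normalize_version "$1")
    if [ -z "$v" ]; then echo "unknown"; return 0; fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "needs-upgrade"
    else
        echo "patched"
    fi
}

# installed_version reads the bundle version on macOS; fails if the app is absent.
installed_version() {
    [ -f "$PD_PLIST" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$PD_PLIST"
}

if ver=$(installed_version 2>/dev/null); then
    echo "Parallels Desktop $ver: $(classify_version "$ver")"
else
    echo "Parallels Desktop not found at $PD_PLIST"
fi
```

For an inventory export, pass each recorded version string to classify_version instead of reading the local bundle.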
CVE-2023-27326 is a HIGH severity directory traversal vulnerability affecting Parallels Desktop version 18.0.2 (53077) on macOS, allowing local privilege escalation.
If you are running Parallels Desktop version 18.0.2 (53077) on macOS, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade Parallels Desktop to the latest available version that addresses this vulnerability. Consult the official Parallels advisory for details.
As of now, there is no confirmed evidence of active exploitation campaigns targeting CVE-2023-27326, but the vulnerability's severity warrants proactive mitigation.
Please refer to the official Parallels security advisory for detailed information and patching instructions. Check the Parallels support website for the latest updates.