Platform
macos
Component
toolgate
Fixed version
18.0.3
CVE-2023-27326 is a directory traversal vulnerability discovered in Parallels Desktop. This flaw allows a local attacker to escalate privileges on affected systems by manipulating file paths. The vulnerability impacts Parallels Desktop versions 18.0.2 (build 53077) and is addressed in a subsequent release. Users are advised to upgrade to the latest available version to mitigate this risk.
The core of this vulnerability lies in the Toolgate component of Parallels Desktop, where user-supplied paths are not adequately validated before being used in file operations. A successful exploit allows a local attacker, who already possesses the ability to execute high-privileged code within a guest system, to traverse directories and potentially access sensitive files or execute arbitrary commands. This privilege escalation could grant the attacker complete control over the affected macOS host system. While the initial access requires high-privileged code execution within the guest, the subsequent escalation can have a significant impact on the host environment, potentially leading to data breaches, system compromise, and further lateral movement within the network.
CVE-2023-27326 was publicly disclosed on May 3, 2024. Currently, there is no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept (PoC) code has been released as of this writing. The vulnerability has not been added to the CISA KEV catalog. The CVSS score of 8.2 (HIGH) indicates a significant potential for exploitation if a suitable attack vector is developed.
Users of Parallels Desktop running version 18.0.2 (53077) on macOS are at direct risk. This includes individuals and organizations utilizing Parallels Desktop for running virtual machines, particularly those with less stringent security practices or those who routinely grant high privileges to guest operating systems.
• macos: Use ls -l to check file permissions and ownership in directories accessible by the Toolgate component. Look for unexpected files or directories.
ls -l /path/to/toolgate/directory
• macos: Monitor system logs (Console.app) for unusual file access attempts or errors related to the Toolgate component. Filter for keywords like 'directory traversal' or 'path manipulation'.
• macos: Use ktrace to trace system calls made by the Toolgate process and identify suspicious file access patterns.
ktrace -p <toolgate_process_id>
• macos: Examine the Autoruns registry keys associated with Parallels Desktop for any unusual or unexpected entries that might indicate malicious activity.
disclosure
Exploit status
EPSS
2.77% (86th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2023-27326 is to upgrade Parallels Desktop to a patched version. Parallels has released an update addressing this vulnerability; refer to their official advisory for the specific version number. If immediate patching is not feasible, consider implementing stricter file access controls within the guest operating system to limit the attacker's ability to exploit the vulnerability. While a WAF or proxy is unlikely to directly mitigate this local privilege escalation, ensuring robust access controls within the guest environment can reduce the attack surface. After upgrading, verify the fix by attempting to access restricted files or directories using manipulated paths; the operation should be denied.
Upgrade Parallels Desktop to a version later than 18.0.2 (53077) to fix the privilege escalation vulnerability. See the vendor's website for the latest version and upgrade instructions.
CVE-2023-27326 is a HIGH severity directory traversal vulnerability affecting Parallels Desktop version 18.0.2 (53077) on macOS, allowing local privilege escalation.
If you are running Parallels Desktop version 18.0.2 (53077) on macOS, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
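One way to run that check across hosts, as an added example that is not part of the original page or of any Parallels tooling: it classifies a version string against the affected (18.0.2) and fixed (18.0.3) versions named on this page. It assumes `prlctl --version` prints a string containing an X.Y.Z version; the sample strings and the `(00000)` build numbers are constructed, and `not-listed` is a hypothetical label for versions older than 18.0.2, whose status this page does not state.

```shell
#!/bin/sh
# Added example: classify a Parallels Desktop version against this page's data.
FIXED="18.0.3"      # fixed version given on this page
AFFECTED="18.0.2"   # affected version given on this page

# Pull the first X.Y.Z token out of a version string; prints nothing if absent.
parse_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Compare two dotted versions field by field as integers; prints -1, 0 or 1.
# (A plain string compare would rank 18.0.10 below 18.0.3.)
compare_versions() {
    for i in 1 2 3; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# Prints: patched | affected | not-listed | unparseable
classify_version() {
    v=$(parse_version "$1")
    if [ -z "$v" ]; then echo "unparseable"; return; fi
    if [ "$(compare_versions "$v" "$FIXED")" -ge 0 ]; then
        echo "patched"
    elif [ "$(compare_versions "$v" "$AFFECTED")" -eq 0 ]; then
        echo "affected"
    else
        echo "not-listed"   # older than 18.0.2: no status on this page, upgrade anyway
    fi
}

# Constructed sample strings (not captured from a real host).
for s in "prlctl version 18.0.2 (53077)" "prlctl version 18.0.3 (00000)" \
         "prlctl version 17.1.4 (00000)"; do
    printf '%s -> %s\n' "$s" "$(classify_version "$s")"
done

# Live check, only where the Parallels CLI is installed (assumed to be on PATH).
if command -v prlctl >/dev/null 2>&1; then
    out=$(prlctl --version 2>/dev/null || true)
    printf 'installed: %s -> %s\n' "$out" "$(classify_version "$out")"
fi
```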
The recommended fix is to upgrade Parallels Desktop to the latest available version that addresses this vulnerability. Consult the official Parallels advisory for details.
As of now, there is no confirmed evidence of active exploitation campaigns targeting CVE-2023-27326, but the vulnerability's severity warrants proactive mitigation.
Please refer to the official Parallels security advisory for detailed information and patching instructions. Check the Parallels support website for the latest updates.