CVE-2024-6240
CVSS 3.1 Score 10.0 of 10 (high)
Details
Summary
CVE-2024-6240 is a privilege escalation vulnerability affecting Parallels Desktop Software versions prior to 19.3.0. An attacker can exploit this issue by injecting malicious code into a script and setting the BASH_ENV environment variable to the path of the malicious script. When the application starts, the malicious script is executed, allowing the attacker to escalate privileges on the system. This vulnerability could potentially lead to significant security risks. Users are advised to update their Parallels Desktop Software to the latest version to mitigate this risk.
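The BASH_ENV behaviour described above can be checked from the defender's side with the following added example, which is not Parallels' code or its fix. It assumes bash is on PATH, and the file names (startup.sh, helper.sh, sourced.log) and function names are constructed for illustration; the stand-in startup file only appends a marker line.

```shell
#!/bin/sh
# Added example. All files below are constructed, harmless stand-ins.
demo_dir=$(mktemp -d)
marker="$demo_dir/sourced.log"

# Stand-in for the file BASH_ENV points at: it only appends a marker line.
printf 'echo sourced >> "%s"\n' "$marker" > "$demo_dir/startup.sh"
# Stand-in for a script that a privileged helper runs with bash.
printf '#!/bin/bash\n:\n' > "$demo_dir/helper.sh"

# Number of times the startup file was executed since the last reset.
marker_count() {
    if [ -f "$marker" ]; then wc -l < "$marker" | tr -d ' '; else echo 0; fi
}

# Unhardened launch: the caller's environment reaches bash unchanged.
run_inherited() {
    bash "$1"
}

# Hardened launch: remove the startup-file variables in a subshell first.
# BASH_ENV is read by non-interactive bash; ENV is the variable that
# POSIX-mode shells consult.
run_scrubbed() {
    ( unset BASH_ENV ENV; exec bash "$1" )
}

# Run the same helper both ways with BASH_ENV set by the caller and report
# how often the startup file ran in each case.
compare_launches() {
    BASH_ENV="$demo_dir/startup.sh"; export BASH_ENV
    rm -f "$marker"; run_inherited "$demo_dir/helper.sh"; inherited=$(marker_count)
    rm -f "$marker"; run_scrubbed "$demo_dir/helper.sh"; scrubbed=$(marker_count)
    unset BASH_ENV
    echo "inherited=$inherited scrubbed=$scrubbed"
}

compare_launches   # prints: inherited=1 scrubbed=0
```

Any component that starts bash on behalf of a more privileged context should launch it the way run_scrubbed does, or with an explicitly constructed environment.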
Affected Products
- Parallels Desktop
Affected Vendors
- Parallels