CVE-2024-6240

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published: Jun 21, 2024
Updated: Jun 24, 2024
CWE ID 269

Summary

CVE-2024-6240 is a privilege escalation vulnerability affecting Parallels Desktop Software versions prior to 19.3.0. An attacker can exploit this issue by injecting malicious code into a script and setting the BASH_ENV environment variable to the path of that script. When the application starts, the malicious script is executed, allowing the attacker to escalate privileges on the system. Users are advised to update their Parallels Desktop Software to the latest version to mitigate this risk.
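How a caller-set BASH_ENV reaches a child bash, and two ways a launcher can keep it out, as an added example that is not from this page or from Parallels. The files `startup.sh` and `helper.sh` and the `launch_*` and `run_case` functions are hypothetical, and the page does not say how version 19.3.0 addresses the issue.

```shell
#!/bin/sh
# Added example: shows bash sourcing BASH_ENV in a child process, and two
# ways a launcher can keep the caller's environment away from that child.
# All file and function names here are hypothetical.
BASH_BIN=$(command -v bash) || { echo "bash not found" >&2; exit 1; }
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
MARKER="$DEMO_DIR/sourced.marker"

# Constructed, harmless startup file: it only records that it was sourced.
printf 'echo sourced > "%s"\n' "$MARKER" > "$DEMO_DIR/startup.sh"
# Constructed stand-in for the script the launcher runs.
printf '#!/bin/bash\nexit 0\n' > "$DEMO_DIR/helper.sh"

# Weak: the child bash inherits every variable the caller set.
launch_inherited() {
    "$BASH_BIN" "$1"
}

# Deny-list: drop the startup-file variables before starting the child.
launch_unset() {
    ( unset BASH_ENV ENV; "$BASH_BIN" "$1" )
}

# Allow-list: start from an empty environment and pass only what is needed.
# This also drops variables a deny-list did not anticipate.
launch_scrubbed() {
    env -i PATH="/usr/bin:/bin" "$BASH_BIN" "$1"
}

# Run one launcher with a caller-controlled BASH_ENV and report whether the
# startup file was sourced by the child.
run_case() {
    rm -f "$MARKER"
    ( BASH_ENV="$DEMO_DIR/startup.sh"; export BASH_ENV
      "$1" "$DEMO_DIR/helper.sh" )
    if [ -e "$MARKER" ]; then echo sourced; else echo clean; fi
}

for launcher in launch_inherited launch_unset launch_scrubbed; do
    printf '%-18s %s\n' "$launcher" "$(run_case "$launcher")"
done
```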

Affected Products

  • Parallels Desktop

Affected Vendors

  • Parallels