CVE-2020-35710

Name of the Vulnerable Software and Affected Versions Parallels Remote Application Server (RAS) version 18

Description The issue allows remote attackers to discover an intranet IP address. This occurs because submission of the login form, even with blank credentials, provides the intranet IP address to the attacker's client for use as a "host" value. After an attacker's web browser sends a request to the login form, it automatically sends a second request to a RASHTML5Gateway/socket.io URI with something like "host":"192.168.###.###" in the POST data.

Recommendations For Parallels Remote Application Server (RAS) version 18, consider disabling the login form submission until a patch is available to prevent the disclosure of the intranet IP address. Restrict access to the RASHTML5Gateway/socket.io URI to minimize the risk of exploitation. Avoid using the host value in the POST data of the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.