CVE-2022-34901

Name of the Vulnerable Software and Affected Versions Parallels Access Agent version 6.5.4 (39316)

Description This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this issue. The specific flaw exists within the Parallels Service, which executes files from an unsecured location. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of root.

Recommendations For Parallels Access Agent version 6.5.4 (39316), consider restricting access to the Parallels Service to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the execution of files from unsecured locations by the Parallels Service may help mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this issue.