CVE-2024-6240

Name of the Vulnerable Software and Affected Versions: Parallels Desktop Software versions prior to 19.3.0

Description: The issue is related to improper privilege management, allowing an attacker to escalate privileges on the system. This can be achieved by adding malicious code to a script and populating the BASH ENV environment variable with the path to the malicious script, which executes on application startup.

Recommendations: For versions prior to 19.3.0, update to version 19.3.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability to populate the BASH ENV environment variable with malicious script paths to minimize the risk of exploitation.