CVE-2023-45894

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Dec 14, 2023

Updated: Dec 20, 2023

Summary

CVE-2023-45894 is a newly disclosed vulnerability affecting the Remote Application Server in Parallels RAS before version 19.2.23975. This issue allows a remote attacker to execute arbitrary code on the server by exploiting the lack of application segmentation in virtualized environments. The vulnerability can be exploited through standard kiosk breakout techniques, posing a significant risk to organizations using this software. Parallels RAS urges users to update to the latest version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Parallels® RAS

Affected Vendors

Parallels

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tBi5Ts
https://www.cve.org/CVERecord?id=CVE-2023-45894
https://nvd.nist.gov/vuln/detail/CVE-2023-45894

Back to Vulnerability Database