CVE-2020-8968

7.1 HIGH

📋 TL;DR

CVE-2020-8968 allows a local attacker to retrieve Parallels RAS profile passwords in clear text by uploading a previously stored encrypted file. This compromises user confidentiality, availability, and integrity. Organizations using Parallels Remote Application Server are affected.

💻 Affected Systems

Products:
  • Parallels Remote Application Server (RAS)
Versions: Specific versions not detailed in provided references; consult vendor advisory for exact range
Operating Systems: Windows (primary deployment platform for Parallels RAS)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where Parallels RAS is installed and profile passwords are stored; local access to the server is required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to Parallels RAS, compromising all managed systems and user credentials, leading to full system takeover.

🟠 Likely Case

Local attackers extract credentials to escalate privileges, access sensitive data, or move laterally within the network.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to isolated credential exposure without broader system compromise.

🌐 Internet-Facing: LOW (requires local access to the Parallels RAS server)
🏢 Internal Only: HIGH (local attackers on the same system can exploit this vulnerability)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW (requires local access and knowledge of the file upload mechanism)

Exploitation involves uploading a specific encrypted file to retrieve clear-text passwords; no public exploit code is referenced.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Parallels vendor advisory for specific patched versions

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/parallels-remote-application-server-credentials-management-errors

Restart Required: Yes

Instructions:

1. Review the vendor advisory for patched versions.
2. Update Parallels RAS to the latest secure version.
3. Restart the Parallels RAS services or server as required.

🔧 Temporary Workarounds

Restrict Local Access

Platform: all

Limit physical and remote local access to Parallels RAS servers to trusted administrators only.

Monitor File Uploads

Platform: Windows

Implement monitoring for unauthorized file uploads to Parallels RAS directories.

🧯 If You Can't Patch

  • Implement strict access controls to prevent local unauthorized users from accessing the Parallels RAS server.
  • Regularly audit and rotate stored credentials to limit exposure if compromised.

🔍 How to Verify

Check if Vulnerable:

Check the Parallels RAS version against the vendor advisory; if the installation is unpatched and local access is possible, assume it is vulnerable.

Check Version:

Check the version within the Parallels RAS admin console, or refer to the installation documentation for the version command.

Verify Fix Applied:

Confirm the Parallels RAS version is updated to a patched release as specified in the vendor advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload activities to Parallels RAS directories
  • Failed or successful local login attempts by unauthorized users

Network Indicators:

  • Local network traffic to Parallels RAS server from unexpected sources

SIEM Query:

Example: search event logs for file modifications in Parallels RAS installation paths, or for local logons by users who are not authorized administrators of the server.
