CVE-2022-34891

7.8 HIGH

📋 TL;DR

CVE-2022-34891 is a local privilege escalation vulnerability in Parallels Desktop where incorrect file permissions allow attackers to escalate to root privileges. Attackers must first gain local code execution with low privileges to exploit this flaw. This affects Parallels Desktop users on macOS systems.

💻 Affected Systems

Products:
  • Parallels Desktop
Versions: 17.1.1 and earlier versions
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Parallels Desktop installations on macOS. Requires local access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with root-level arbitrary code execution, allowing full control over the host macOS system and all virtual machines.

🟠 Likely Case: Local attackers gaining root privileges to install persistent malware, access sensitive data, or pivot to other systems.

🟢 If Mitigated: Limited impact if proper access controls prevent local code execution or if systems are isolated from untrusted users.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring existing local access, not remotely exploitable.
🏢 Internal Only: HIGH - Malicious insiders or compromised user accounts can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but is straightforward once low-privileged code execution is achieved. The vulnerability is in the update mechanism's file permission handling.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Parallels Desktop 17.1.2 and later

Vendor Advisory: https://kb.parallels.com/125013

Restart Required: Yes

Instructions:

1. Open Parallels Desktop.
2. Go to Help > Check for Updates.
3. Install version 17.1.2 or later.
4. Restart your Mac to complete the update.

🔧 Temporary Workarounds

Restrict local user access

Platform: all

Limit local user accounts to trusted individuals only and implement strict access controls.

Disable Parallels Desktop if not needed

Platform: macOS

Uninstall or disable Parallels Desktop on systems where virtualization is not required.

sudo /Applications/Parallels\ Desktop.app/Contents/MacOS/uninstall

🧯 If You Can't Patch

  • Implement strict user access controls and monitor for suspicious local activity
  • Isolate affected systems from critical networks and implement application whitelisting

🔍 How to Verify

Check if Vulnerable:

Check the Parallels Desktop version in the application (Help > About Parallels Desktop). If the version is 17.1.1 or earlier, the system is vulnerable.

Check Version:

/Applications/Parallels\ Desktop.app/Contents/MacOS/prlsrvctl -V

Verify Fix Applied:

Verify the version is 17.1.2 or later in Help > About Parallels Desktop after updating.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized privilege escalation attempts, unexpected root-level process execution, modifications to Parallels Desktop files

Network Indicators:

  • None - this is a local privilege escalation vulnerability

SIEM Query:

Search for process execution events where parent process is Parallels Desktop-related and child process runs as root unexpectedly.
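
One way to implement the search described above, as an added example that is not part of the original advisory or any vendor tooling. It runs over constructed process-execution events in a hypothetical JSON-lines schema (`parent_path`, `path`, `uid`), uses `EXAMPLE_HELPER` as a placeholder binary name, and assumes "unexpectedly" means a root child whose binary lies outside the app bundle and outside a site baseline.

```python
import json

# Bundle path as used in the commands on this page; the trailing slash keeps
# look-alike directories such as ".../Parallels Desktop.app.bak/" from matching.
BUNDLE = "/Applications/Parallels Desktop.app/"

# Assumption: a site-specific baseline of binaries outside the bundle that
# Parallels legitimately starts as root. Empty here; fill it from telemetry.
BASELINE_ROOT_CHILDREN = frozenset()

# Constructed events in a hypothetical one-JSON-object-per-line schema.
# EXAMPLE_HELPER is a placeholder name, not a real Parallels binary.
SAMPLE_EVENTS = """\
{"ts": "2022-07-01T10:00:01Z", "parent_path": "/Applications/Parallels Desktop.app/Contents/MacOS/EXAMPLE_HELPER", "path": "/bin/sh", "uid": 0}
{"ts": "2022-07-01T10:00:02Z", "parent_path": "/Applications/Parallels Desktop.app/Contents/MacOS/EXAMPLE_HELPER", "path": "/Applications/Parallels Desktop.app/Contents/MacOS/prlsrvctl", "uid": 0}
{"ts": "2022-07-01T10:00:03Z", "parent_path": "/Applications/Parallels Desktop.app/Contents/MacOS/EXAMPLE_HELPER", "path": "/usr/bin/open", "uid": 501}
{"ts": "2022-07-01T10:00:04Z", "parent_path": "/usr/sbin/cron", "path": "/bin/sh", "uid": 0}
{"ts": "2022-07-01T10:00:05Z", "parent_path": "/Applications/Parallels Desktop.app.bak/Contents/MacOS/EXAMPLE_HELPER", "path": "/bin/sh", "uid": 0}
not-json garbage line
"""


def is_suspicious(event):
    """Parallels-related parent, root child, child not an expected binary."""
    parent = str(event.get("parent_path") or "")
    child = str(event.get("path") or "")
    if not parent.startswith(BUNDLE) or event.get("uid") != 0:
        return False
    return not child.startswith(BUNDLE) and child not in BASELINE_ROOT_CHILDREN


def scan(lines):
    """Return the suspicious events from an iterable of JSON lines."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the scan
        if isinstance(event, dict) and is_suspicious(event):
            hits.append(event)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS.splitlines()):
        print(f'{hit["ts"]} ALERT root child {hit["path"]} <- {hit["parent_path"]}')
```

Map the three field names to whatever your endpoint telemetry emits, and populate the baseline before alerting on the result.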
