How severe is CVE-2020-17390?

This vulnerability has a severity rating of LOW with a CVSS score of 3.8 out of 10.

What type of vulnerability is CVE-2020-17390?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2020-17390 - LOW Severity | CVSS 3.8

Vulnerability Description

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the hypervisor kernel extension. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10030.

Related Vulnerabilities

CVE-2020-11947

LOW

CVSS:3.8(Low)

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.

CWE-1252020

CVE-2020-3970

LOW

CVSS:3.8(Low)

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out...

CWE-1252020

CVE-2023-4535

LOW

CVSS:3.8(Low)

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to th...

CWE-1252023

CVE-2024-29948

LOW

CVSS:3.8(Low)

There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a ...

CWE-1252024

CVE-2024-31150

MEDIUM

CVSS:3.8(Low)

Out-of-bounds read for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable information disclosure via local access.

CWE-1252024

CVE-2017-15353

LOW

CVSS:3.7(Low)

Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C...

CWE-1252017