How severe is CVE-2020-17401?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2020-17401?

This is classified as CWE-129, which is a common weakness in software security.

CVE-2020-17401 - MEDIUM Severity | CVSS 6

Vulnerability Description

This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11363.

Related Vulnerabilities

CVE-2020-17394

MEDIUM

CVSS:6.0(Medium)

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged ...

CWE-1292020

CVE-2014-4616

MEDIUM

CVSS:5.9(Medium)

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negativ...

CWE-1292014

CVE-2015-8316

MEDIUM

CVSS:5.9(Medium)

Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP...

CWE-1292015

CVE-2025-30077

MEDIUM

CVSS:6.2(Medium)

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.

CWE-1292025

CVE-2021-35592

MEDIUM

CVSS:6.3(Medium)

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to...

CWE-1292021

CVE-2021-35594

MEDIUM

CVSS:6.3(Medium)

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and p...

CWE-1292021