How severe is CVE-2021-34987?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2021-34987?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2021-34987 - HIGH Severity | CVSS 8.2

Vulnerability Description

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 (49187). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the HDAudio virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-14969.

Related Vulnerabilities

CVE-2019-20734

HIGH

CVSS:8.2(High)

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.40, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6...

CWE-1202019

CVE-2020-10713

HIGH

CVSS:8.2(High)

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. I...

CWE-1202020

CVE-2020-8719

HIGH

CVSS:8.2(High)

Buffer overflow in subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local...

CWE-1202020

CVE-2020-8722

HIGH

CVSS:8.2(High)

Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via loc...

CWE-1202020

CVE-2022-24910

HIGH

CVSS:8.2(High)

A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker c...

CWE-1202022

CVE-2022-40261

HIGH

CVSS:8.2(High)

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) an...

CWE-1202022