How severe is CVE-2024-6154?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2024-6154?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2024-6154 - HIGH Severity | CVSS 8.2

Vulnerability Description

Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-20450.

Related Vulnerabilities

CVE-2021-31428

HIGH

CVSS:8.2(High)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code ...

CWE-1222021

CVE-2021-31429

HIGH

CVSS:8.2(High)

CWE-1222021

CVE-2022-0080

HIGH

CVSS:8.2(High)

mruby is vulnerable to Heap-based Buffer Overflow

CWE-1222022

CVE-2023-31276

HIGH

CVSS:8.2(High)

Heap-based buffer overflow in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, before version 02.01.0017 and Intel(R) Server Board M50C...

CWE-1222023

CVE-2024-11233

HIGH

CVSS:8.2(High)

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can...

CWE-1222024

CVE-2025-0611

HIGH

CVSS:8.2(High)

Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CWE-1222025