{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T08:59:12.233","vulnerabilities":[{"cve":{"id":"CVE-2023-50228","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2024-05-03T03:16:11.507","lastModified":"2025-08-08T18:45:06.240","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Updater service. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.\n. Was ZDI-CAN-21817."},{"lang":"es","value":"Vulnerabilidad de escalada de privilegios locales de verificación inadecuada de Parallels Desktop Updater de firma criptográfica. Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de Parallels Desktop. Un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema host de destino para poder aprovechar esta vulnerabilidad. La falla específica existe dentro del servicio Updater. El problema se debe a la falta de verificación adecuada de una firma criptográfica. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar código arbitrario en el contexto de la raíz. Era ZDI-CAN-21817."}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:parallels:parallels_desktop:*:*:*:*:*:macos:*:*","versionEndExcluding":"19.1.0_\\(54729\\)","matchCriteriaId":"2180B00B-4394-4ED7-ADD7-C15F72DB07FF"}]}]}],"references":[{"url":"https://kb.parallels.com/en/125013","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1803/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]},{"url":"https://kb.parallels.com/en/125013","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1803/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}