{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-15T17:29:13.721","vulnerabilities":[{"cve":{"id":"CVE-2024-6153","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2024-06-20T20:15:20.980","lastModified":"2024-11-21T09:49:04.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Updater service. The issue results from the lack of proper validation of version information before performing an update. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-19481."},{"lang":"es","value":"Vulnerabilidad de degradación del software de falla del mecanismo de protección de Parallels Desktop Updater. Esta vulnerabilidad permite a atacantes locales degradar el software de Parallels en las instalaciones afectadas de Parallels Desktop. Un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema host de destino para poder aprovechar esta vulnerabilidad. La falla específica existe dentro del servicio Updater. El problema se debe a la falta de validación adecuada de la información de la versión antes de realizar una actualización. Un atacante puede aprovechar esto junto con otras vulnerabilidades para escalar privilegios y ejecutar código arbitrario en el contexto raíz. Era ZDI-CAN-19481."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:parallels:parallels_desktop:*:*:*:*:*:*:*:*","versionEndExcluding":"18.1.0","matchCriteriaId":"BDBCA339-CCA6-46F0-809C-F22AF745B6D5"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-24-803/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-24-803/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}