CVE-2020-15860 Information
Feb 14, 2021
Description
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, even though the affected application is not published. In addition, it was discovered that it is possible to access any host in the internal domain even if it has no published applications or the mentioned host is no longer associated with that server farm.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Reference
https://kb.parallels.com/en/125112
https://www.coresecurity.com/core-labs/advisories/parallels-ras-os-command-execution
https://www.parallels.com/products/ras/remote-application-server/
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.9
Base Severity
CRITICAL