Sign-up

ID

VAR-202312-0855


CVE

CVE-2023-45894


TITLE

Parallels  of  Remote Application Server  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-020240

DESCRIPTION

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques. Parallels of Remote Application Server Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-45894 // JVNDB: JVNDB-2023-020240

AFFECTED PRODUCTS

vendor:parallelsmodel:remote application serverscope:ltversion:19.2.23975

Trust: 1.0

vendor:parallelsmodel:remote application serverscope: - version: -

Trust: 0.8

vendor:parallelsmodel:remote application serverscope:eqversion: -

Trust: 0.8

vendor:parallelsmodel:remote application serverscope:eqversion:19.2.23975

Trust: 0.8

sources: JVNDB: JVNDB-2023-020240 // NVD: CVE-2023-45894

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-45894
value: CRITICAL

Trust: 1.8

NVD:
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2023-45894
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-020240 // NVD: CVE-2023-45894

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-020240 // NVD: CVE-2023-45894

EXTERNAL IDS

db:NVDid:CVE-2023-45894

Trust: 2.6

db:JVNDBid:JVNDB-2023-020240

Trust: 0.8

sources: JVNDB: JVNDB-2023-020240 // NVD: CVE-2023-45894

REFERENCES

url:https://github.com/oracle-security/cves/blob/main/parallels%20remote%20server/readme.md

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-45894

Trust: 0.8

sources: JVNDB: JVNDB-2023-020240 // NVD: CVE-2023-45894

SOURCES

db:JVNDBid:JVNDB-2023-020240
db:NVDid:CVE-2023-45894

LAST UPDATE DATE

2024-01-18T22:29:17.110000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-020240date:2024-01-16T02:49:00
db:NVDid:CVE-2023-45894date:2023-12-20T16:44:29.960

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-020240date:2024-01-16T00:00:00
db:NVDid:CVE-2023-45894date:2023-12-14T20:15:52.687