CVE-2020-35710
Last modified
CVE-2020-35710 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like "host":"192.168.###.###" in the POST data.. EPSS estimates a 1.66% chance of exploitation in the next 30 days.
Description
Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like "host":"192.168.###.###" in the POST data.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Parallels | Remote Application Server | 18.0 |
References
- https://twitter.com/amadapa/status/1342407005110218753Third Party Advisory
- https://www.elladodelmal.com/2020/12/blue-team-red-team-como-parallels-ras.htmlExploit, Third Party Advisory
- https://twitter.com/amadapa/status/1342407005110218753Third Party Advisory
- https://www.elladodelmal.com/2020/12/blue-team-red-team-como-parallels-ras.htmlExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-35710?
How severe is CVE-2020-35710?
How do I fix CVE-2020-35710?
Are you affected by CVE-2020-35710?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST