Unrated severityNVD Advisory· Published Dec 25, 2020· Updated Aug 4, 2024
CVE-2020-35710
CVE-2020-35710
Description
Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like "host":"192.168.###.###" in the POST data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Parallels/Remote Application Server (RAS)description
- Range: =18
Patches
Vulnerability mechanics
References
2- twitter.com/amadapa/status/1342407005110218753mitrex_refsource_MISC
- www.elladodelmal.com/2020/12/blue-team-red-team-como-parallels-ras.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.