
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-34867 is a privilege escalation vulnerability affecting Parallels Desktop version 16.1.3-49160. The vulnerability was discovered in the Toolgate component and was disclosed on September 8, 2021. The issue stems from improper validation of user-supplied data, which can result in an uncontrolled memory allocation (Zero Day Initiative).
The flaw is in the Toolgate component of Parallels Desktop: user-supplied data is not properly validated, which can lead to an uncontrolled memory allocation. NIST NVD assigned the vulnerability a CVSS v3.1 base score of 8.2 HIGH (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), while Zero Day Initiative assigned it a CVSS score of 7.5 HIGH (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) (NVD, Zero Day Initiative).
An attacker who successfully exploits this vulnerability can leverage it to escalate privileges and execute arbitrary code in the context of the hypervisor. The attacker must first obtain the ability to execute high-privileged code on the target guest system to exploit this vulnerability (Zero Day Initiative).
Parallels has issued an update to address this vulnerability. Users should update to the patched version of Parallels Desktop (Parallels KB).
Source: This report was generated using AI