CVE-2021-34869: 
Homebrew vulnerability analysis and mitigation

The vulnerability (CVE-2021-34869) affects Parallels Desktop's Toolgate component and was discovered in version 16.1.3. This privilege escalation vulnerability allows local attackers with low-privileged code execution capabilities to escalate privileges on affected installations. The vulnerability was disclosed on September 8, 2021, and was assigned a CVSS score of 7.8 (ZDI Advisory).

The vulnerability exists within the Toolgate component of Parallels Desktop and stems from improper validation of user-supplied data, which can result in an uncontrolled memory allocation. The severity is rated as high with a CVSS v3.0 base score of 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) (ZDI Advisory).

A successful exploitation of this vulnerability allows an attacker to leverage the flaw to escalate privileges and execute arbitrary code in the context of the hypervisor. This means an attacker could gain elevated access to system resources that should normally be protected from unauthorized access (ZDI Advisory).

Parallels has issued an update to address this vulnerability. The fix was released in Parallels Desktop version 17.0.0 (51461) on August 10, 2021. Users are advised to update to this or a later version to protect against this vulnerability (Parallels KB).