CVE-2020-35710 : What You Need to Know

Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address through a vulnerability in the login form.

Understanding CVE-2020-35710

This CVE involves a security issue in Parallels Remote Application Server (RAS) 18 that exposes intranet IP addresses to remote attackers.

What is CVE-2020-35710?

The vulnerability in Parallels RAS 18 enables attackers to obtain intranet IP addresses by exploiting the login form, even with blank credentials.

The Impact of CVE-2020-35710

The vulnerability allows attackers to extract intranet IP addresses, potentially leading to further targeted attacks or unauthorized access.

Technical Details of CVE-2020-35710

This section provides more in-depth technical insights into the CVE.

Vulnerability Description

Parallels RAS 18 exposes intranet IP addresses through the login form, disclosing sensitive network information.

Affected Systems and Versions

Product: Parallels Remote Application Server (RAS) 18
Vendor: Parallels
Version: All versions are affected

Exploitation Mechanism

Attackers can retrieve intranet IP addresses by submitting the login form, even with empty credentials.

Mitigation and Prevention

Protecting systems from CVE-2020-35710 is crucial to prevent unauthorized access and data breaches.

Immediate Steps to Take

Disable access to the login form if possible until a patch is available.
Monitor network traffic for any suspicious activity related to IP address extraction.

Long-Term Security Practices

Implement network segmentation to restrict access to sensitive information.
Regularly update and patch Parallels RAS to address security vulnerabilities.

Patching and Updates

Apply the latest security patches and updates provided by Parallels to mitigate the CVE-2020-35710 vulnerability.