Vulnerability in Oracle VM VirtualBox Allowing Unauthorized Access
CVE-2017-10187

4.6MEDIUM

Key Information:

Vendor
Oracle
Status
Oracle Vm Virtualbox
Vendor
CVE Published:
8 August 2017

Summary

A vulnerability exists in Oracle VM VirtualBox that allows high-privileged attackers to exploit the system if they have logon access. This flaw could facilitate unauthorized updates, inserts, or deletions of data associated with Oracle VM VirtualBox, leading to significant impacts on data integrity and the potential for a partial denial of service. The affected versions were prior to 5.1.24, necessitating urgent action to prevent exploitation, as attacks can extend beyond VirtualBox itself, posing broader risks across interconnected products.

Affected Version(s)

Oracle VM VirtualBox < 5.1.24

References

http://www.securitytracker.com/id/1038929
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99711
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.