Oracle VM VirtualBox Vulnerability in Virtualization Core Component
CVE-2017-10236

7.3HIGH

Key Information:

Vendor
Oracle
Status
Oracle Vm Virtualbox
Vendor
CVE Published:
8 August 2017

Summary

A vulnerability in the Core component of Oracle VM VirtualBox prior to version 5.1.24 can be exploited by an attacker with high-level privileges who is logged on to the infrastructure. This flaw allows for unauthorized manipulation of Oracle VM VirtualBox, potentially leading to frequent crashes or a denial of service. It also opens up avenues for unauthorized access to sensitive data, as well as the ability to insert, update, or delete data that the VirtualBox can access.

Affected Version(s)

Oracle VM VirtualBox < 5.1.24

References

http://www.securitytracker.com/id/1038929
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99645
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.