Vulnerability in Oracle VM VirtualBox Core Component by Oracle
CVE-2017-10239

7.3HIGH

Key Information:

Vendor
Oracle
Status
Oracle Vm Virtualbox
Vendor
CVE Published:
8 August 2017

Summary

An exploitable vulnerability exists in the Oracle VM VirtualBox component of Oracle Virtualization that allows a high privileged attacker with access to the infrastructure where Oracle VM VirtualBox operates to compromise the system. This vulnerability can lead to significant denial of service, causing Oracle VM VirtualBox to hang or crash, and enables unauthorized actions such as updating, inserting, or deleting data accessible to Oracle VM VirtualBox. Additionally, it permits unauthorized read access to certain data stored within the application, potentially affecting other interconnected products.

Affected Version(s)

Oracle VM VirtualBox < 5.1.24

References

http://www.securitytracker.com/id/1038929
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99681
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.