Vulnerability in Oracle VM VirtualBox Affecting Oracle Virtualization
CVE-2017-10240

7.3HIGH

Key Information:

Vendor

Oracle
Status
Oracle Vm Virtualbox
Vendor
CVE Published:
8 August 2017

What is CVE-2017-10240?

The vulnerability found in Oracle VM VirtualBox allows an attacker with high privileges and access to the infrastructure to exploit weaknesses in the system. This could lead to unauthorized actions including causing the application to hang or crash repeatedly, effectively resulting in a denial of service. Additionally, the attacker may gain unauthorized access to alter or delete accessible data, as well as read sensitive information, thereby compromising the integrity and confidentiality of the system.

Affected Version(s)

Oracle VM VirtualBox < 5.1.24

References

http://www.securitytracker.com/id/1038929
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99683
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.