Exploitation of Unauthorized Access in Oracle VM VirtualBox by High Privileged Attackers
CVE-2017-10241

7.3HIGH

Key Information:

Vendor
Oracle
Status
Oracle Vm Virtualbox
Vendor
CVE Published:
8 August 2017

Summary

A vulnerability exists within Oracle VM VirtualBox that allows an attacker with high privileges to execute unauthorized actions, potentially leading to complete denial of service by causing frequent crashes. This vulnerability can also grant unauthorized capabilities to update, insert, or delete accessible data, along with unauthorized read access to a subset of data. Exploitation of this flaw thus poses a significant threat to the overall integrity and availability of Oracle VM VirtualBox and any associated systems.

Affected Version(s)

Oracle VM VirtualBox < 5.1.24

References

http://www.securitytracker.com/id/1038929
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99687
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.