Vulnerability in Oracle VM VirtualBox Affects Users and Data Security
CVE-2017-10242

7.3HIGH

Key Information:

Vendor
Oracle
Status
Oracle Vm Virtualbox
Vendor
CVE Published:
8 August 2017

Summary

A vulnerability exists in the Oracle VM VirtualBox component of Oracle Virtualization, allowing an attacker with high privileges on the hosting infrastructure to compromise the VM environment. This vulnerability can lead to the unauthorized ability to hang or crash Oracle VM VirtualBox, alongside potential unauthorized access to sensitive data. Malicious actors could exploit this issue to perform unauthorized updates, insertions, or deletions of data that the Oracle VM VirtualBox manages.

Affected Version(s)

Oracle VM VirtualBox < 5.1.24

References

http://www.securitytracker.com/id/1038929
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99689
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.