Vulnerability in Oracle VM VirtualBox Affecting Multiple Versions
CVE-2017-3559

7.9HIGH

Key Information:

Vendor
Oracle
Status
Oracle Vm Virtualbox
Vendor
CVE Published:
24 April 2017

Summary

A vulnerability exists in Oracle VM VirtualBox which allows low-privileged attackers with access to the infrastructure executing Oracle VM VirtualBox to exploit the system. This exploit can lead to unauthorized operations, including the ability to crash the system, thereby causing a denial of service. Additionally, attackers could gain unauthorized access to manipulate or retrieve sensitive data stored within Oracle VM VirtualBox. The vulnerability significantly affects the stability and data security of the virtual environment.

Affected Version(s)

Oracle VM VirtualBox < 5.0.38

Oracle VM VirtualBox < 5.1.20

References

http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038288
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97739
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.9
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.