Unauthenticated Vulnerability in Oracle VM VirtualBox by Oracle
CVE-2024-21109

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Vm Virtualbox
Vendor: CVE Published:; 16 April 2024

What is CVE-2024-21109?

A serious vulnerability exists in Oracle VM VirtualBox, a widely used virtualization software from Oracle. This issue affects all supported versions prior to 7.0.16 and allows unauthenticated attackers with network access via HTTP to exploit the system. If successfully exploited, attackers could gain unauthorized access to critical data, potentially compromising the integrity and confidentiality of the data stored in Oracle VM VirtualBox environments. Organizations using this software are advised to update to the latest version immediately to mitigate this risk.

References

https://www.oracle.com/security-alerts/cpuapr2024.html

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2024