Oracle VM VirtualBox Vulnerability Allows Low Privileged Attackers to Compromise Virtual Machine
CVE-2024-21113
8.8 HIGH
Summary
An exploitable vulnerability exists in Oracle VM VirtualBox that allows a low-privileged attacker who has logged on to the infrastructure to compromise the virtualization environment. The issue affects supported versions prior to 7.0.16. Although the vulnerability resides in Oracle VM VirtualBox, successful attacks can extend to additional products, which indicates a potential scope change. Exploitation could lead to a complete takeover of Oracle VM VirtualBox, jeopardizing the confidentiality, integrity, and availability of the affected product and of other connected systems.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Collectors
NVD Database