Oracle VM VirtualBox Vulnerability Allows Low Privileged Attackers to Compromise Virtual Machine
CVE-2024-21114

8.8 HIGH

Key Information:

Vendor: Oracle
CVE Published: 16 April 2024

Summary

A vulnerability exists in the Core component of Oracle VM VirtualBox, a product of Oracle Virtualization. It affects versions prior to 7.0.16 and is deemed easily exploitable by a low-privileged attacker who has access to the infrastructure where Oracle VM VirtualBox operates. Successful exploitation can lead to a complete takeover of Oracle VM VirtualBox. Although the vulnerability is rooted in Oracle VM VirtualBox, its impact may extend beyond this product and affect other systems. The implications include serious concerns regarding the confidentiality, integrity, and availability of the affected environments.

Affected Version(s)

VM VirtualBox * < 7.0.16

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

Collectors

NVD Database, Mitre Database