Oracle VM VirtualBox Vulnerability Allows High-Privileged Attackers to Take Over
CVE-2024-21141

8.2 HIGH

Key Information:

Vendor: Oracle
Vendor
CVE Published: 16 July 2024

Summary

A vulnerability exists in the core component of Oracle VM VirtualBox that a high-privileged, authenticated attacker may exploit to compromise the product. Although the flaw resides in Oracle VM VirtualBox itself, its effects may extend to other connected products. Successful exploitation leads to unauthorized access to and control over Oracle VM VirtualBox instances, exposing critical data and undermining system integrity. Exploitation requires authenticated access; organizations using Oracle VM VirtualBox should implement the recommended security measures to mitigate the risks associated with this flaw.

Affected Version(s)

VM VirtualBox * < 7.0.20

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

Collectors

NVD Database, Mitre Database