Vulnerability in Oracle VM VirtualBox Could Allow High Privileged Attacker to Compromise the Product
CVE-2024-21259

7.5HIGH

Key Information:

Vendor: Oracle
Status: Oracle Vm Virtualbox
Vendor: CVE Published:; 15 October 2024

Summary

A vulnerability has been identified in Oracle VM VirtualBox that could allow high privileged attackers, with access to the underlying infrastructure, to exploit the product. Specifically, this vulnerability affects versions prior to 7.0.22 and 7.1.2, enabling potential takeover of the VirtualBox environment. While the primary impact is on Oracle VM VirtualBox, successful exploitation may also influence other related products, potentially broadening the scope of the attack. This highlights the need for immediate patching and robust security measures to mitigate associated risks.

Affected Version(s)

Oracle VM VirtualBox * < 7.0.22

Oracle VM VirtualBox * < 7.1.2

References

https://www.oracle.com/security-alerts/cpuoct2024.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Dec 7, 2023

Collectors

NVD DatabaseMitre Database