Apr 24, 2017 - 12:00 a.m.

KLA11028 A read/write local files vulnerability in Oracle VM VirtualBox

2017-04-24 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 6.3

  • Attack Vector: LOCAL
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: NONE

AV:L/AC:M/Au:N/C:C/I:C/A:N

CVSS3: 7.5

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

AI Score: 7.7 (Confidence: High)

EPSS: 0.001 (Percentile: 20.4%)

An unspecified vulnerability was found in Oracle VM VirtualBox. By exploiting this vulnerability, low-privileged malicious users with logon to the infrastructure where Oracle VM VirtualBox is executed can write to some Oracle VM VirtualBox accessible data and read a subset of Oracle VM VirtualBox accessible data.

Original advisories

Oracle Critical Patch Update Advisory

Related products

Oracle-VirtualBox

CVE list

CVE-2017-3538 high

Solution

Update to the latest versions

Download Oracle VM VirtualBox

Impacts

  • WLF: Write Local Files. Exploitation of vulnerabilities with this impact can lead to writing into some inaccessible files. Files that can be read depend on concrete program errors.

  • RLF: Read Local Files. Exploitation of vulnerabilities with this impact can lead to reading some inaccessible files. Files that can be read depend on concrete program errors.

Affected Products

  • Oracle VM VirtualBox earlier than 5.0.34
  • Oracle VM VirtualBox 5.1.x earlier than 5.1.16
