Kaspersky LabKLA11641KLA11641 Multiple vulnerabilities in Oracle VirtualBox
5.4 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
0.86 High
EPSS
Percentile
98.6%
Multiple vulnerabilities were found in Oracle VirtualBox. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions.
Below is a complete list of vulnerabilities:
- Vulnerability in Core component of Oracle VM VirtualBox can be exploited remotely to obtain sensitive information, bypass security restrictions, cause denial of service.
- Vulnerability in Web Services (Apache Axis) component of Oracle Secure Global Desktop can be exploited remotely to obtain sensitive information, bypass security restrictions, cause denial of service.
- Vulnerability in Core component of Oracle VM VirtualBox can be exploited remotely to cause denial of service.
- Vulnerability in Core component of Oracle VM VirtualBox can be exploited remotely to obtain sensitive information.
- Vulnerability in Core component of Oracle VM VirtualBox can be exploited remotely to obtain sensitive information, bypass security restrictions.
- Vulnerability in Core (Mojarra) component of Oracle Secure Global Desktop can be exploited remotely to obtain sensitive information, bypass security restrictions.
- Vulnerability in Web Server (Apache HTTPD Server) component of Oracle Secure Global Desktop can be exploited remotely to obtain sensitive information, bypass security restrictions.
- Vulnerability in Core(OpenSSL) component of Oracle VM VirtualBox can be exploited to bypass security restrictions;
Original advisories
Oracle Critical Patch Update Advisory – January 2020
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
CVE-2019-1547 warning
CVE-2020-2674 critical
CVE-2020-2682 critical
CVE-2019-0227 critical
CVE-2020-2698 critical
CVE-2020-2701 critical
CVE-2020-2702 critical
CVE-2020-2726 critical
CVE-2020-2681 high
CVE-2020-2689 high
CVE-2020-2690 high
CVE-2020-2691 high
CVE-2020-2692 high
CVE-2020-2703 high
CVE-2020-2704 high
CVE-2020-2705 high
CVE-2020-2725 high
CVE-2020-2678 high
CVE-2019-17091 high
CVE-2020-2727 high
CVE-2020-2693 high
CVE-2019-10092 high
Solution
Update to the latest version
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- XSS/CSS
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
Affected Products
- Oracle VirtualBox 5.2.x up to 5.2.36Oracle VirtualBox 6.0.x up to 6.0.16Oracle VirtualBox 6.1.x up to 6.1.2
Related
5.4 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
0.86 High
EPSS
Percentile
98.6%