Kaspersky LabKLA12589KLA12589 Multiple vulnerabilities in Oracle VirtualBox
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.6%
Multiple vulnerabilities were found in Oracle VirtualBox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions.
Below is a complete list of vulnerabilities:
- Denial of service can be exploited to cause denial of service.
- Security vulnerability can be exploited to bypass security restrictions.
Original advisories
Oracle Critical Patch Update Advisory – July 2022
Related products
CVE list
CVE-2022-21554 warning
CVE-2022-21571 critical
Solution
Update to the latest version
Impacts
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Affected Products
- Oracle VirtualBox earlier than 6.1.36
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.6%