CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
91.9%
The version of Oracle VM VirtualBox running on the remote host is 5.1.x prior to 5.1.30. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information.
Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(103930);
script_version("1.11");
script_cvs_date("Date: 2019/11/12");
script_cve_id(
"CVE-2017-3167",
"CVE-2017-3733",
"CVE-2017-10392",
"CVE-2017-10407",
"CVE-2017-10408",
"CVE-2017-10428"
);
script_bugtraq_id(
96269,
99135,
101362,
101368,
101370,
101371
);
script_name(english:"Oracle VM VirtualBox 5.1.x < 5.1.30 (October 2017 CPU)");
script_summary(english:"Performs a version check on VirtualBox.exe");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Oracle VM VirtualBox running on the remote host is
5.1.x prior to 5.1.30. It is, therefore, affected by multiple
vulnerabilities as noted in the October 2017 Critical Patch Update
advisory. Please consult the CVRF details for the applicable CVEs
for additional information.
Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
# http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?76f5def7");
script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
# https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3236622.xml
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?efb80e57");
script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle VM VirtualBox version 5.1.30 or later as
referenced in the October 2017 Oracle Critical Patch Update advisory.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3167");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/18");
script_set_attribute(attribute:"patch_publication_date", value:"2017/10/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("virtualbox_installed.nasl", "macosx_virtualbox_installed.nbin");
script_require_ports("installed_sw/Oracle VM VirtualBox", "installed_sw/VirtualBox");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
app = NULL;
apps = make_list('Oracle VM VirtualBox', 'VirtualBox');
foreach app (apps)
{
if (get_install_count(app_name:app)) break;
else app = NULL;
}
if (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');
install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
ver = install['version'];
path = install['path'];
# Affected :
# 5.1.x < 5.1.30
if (ver =~ '^5\\.1' && ver_compare(ver:ver, fix:'5.1.30', strict:FALSE) < 0) fix = '5.1.30';
else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);
port = 0;
if (app == 'Oracle VM VirtualBox')
{
port = get_kb_item("SMB/transport");
if (!port) port = 445;
}
report =
'\n Path : ' + path +
'\n Installed version : ' + ver +
'\n Fixed version : ' + fix +
'\n';
security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
exit(0);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10392
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10407
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10408
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10428
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3733
www.nessus.org/u?76f5def7
www.nessus.org/u?efb80e57
www.virtualbox.org/wiki/Changelog
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
91.9%