Ubuntu.comUB:CVE-2017-3316CVE-2017-3316
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
89.6%
Vulnerability in the Oracle VM VirtualBox component of Oracle
Virtualization (subcomponent: GUI). Supported versions that are affected
are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable
vulnerability allows high privileged attacker with network access via
multiple protocols to compromise Oracle VM VirtualBox. Successful attacks
require human interaction from a person other than the attacker and while
the vulnerability is in Oracle VM VirtualBox, attacks may significantly
impact additional products. Successful attacks of this vulnerability can
result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4
(Confidentiality, Integrity and Availability impacts).
Notes
| Author | Note |
|---|---|
| sbeattie | requires user interaction |
References
www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3432537.xml
www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixOVIR
launchpad.net/bugs/cve/CVE-2017-3316
nvd.nist.gov/vuln/detail/CVE-2017-3316
security-tracker.debian.org/tracker/CVE-2017-3316
www.cve.org/CVERecord?id=CVE-2017-3316
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
89.6%