Lucene search

OracleCVE-2020-14712

HistoryJul 15, 2020 - 6:15 p.m.

CVE-2020-14712

2020-07-1518:15:35

oracle

web.nvd.nist.gov

115

cve-2020-14712

oracle vm virtualbox

oracle virtualization

security vulnerability

unauthorized access

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

39.6%

JSON

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N).

Affected configurations

Nvd

Vulners

Node

oraclevm_virtualboxRange<5.2.44

oraclevm_virtualboxRange6.0.0–6.0.24

oraclevm_virtualboxRange6.1.0–6.1.12

Node

opensuseleapMatch15.1

opensuseleapMatch15.2

VendorProductVersionCPE
oraclevm_virtualbox*cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
opensuseleap15.2cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	vm_virtualbox	*	cpe:2.3:a:oracle:vm_virtualbox::::::::
opensuse	leap	15.1	cpe:2.3:o:opensuse:leap:15.1:::::::*
opensuse	leap	15.2	cpe:2.3:o:opensuse:leap:15.2:::::::*

CNA Affected

[
  {
    "product": "VM VirtualBox",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "lessThan": "5.2.44",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "6.0.24",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "6.1.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]