History: Jun 16, 2016 - 12:00 a.m.

KLA10954 Remote Security Vulnerability in Oracle VM VirtualBox

2016-06-16 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS2: 6.8 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 6.3 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score: 7.1 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 55.8%)

A remote security vulnerability was found in Oracle Virtualization (Oracle VM VirtualBox component). By exploiting this vulnerability, malicious users can gain privileges and cause a partial denial of service. This vulnerability can be exploited remotely over the HTTP protocol.

Technical details

Successful exploitation requires interaction from a person other than the unauthenticated attacker.

This vulnerability occurs in the GUI subcomponent of Oracle Virtualization.

Original advisories

Oracle Critical Patch Update Advisory

Related products

Oracle-VirtualBox

CVE list

CVE-2016-5545 high

Solution

Update to the latest versions

Download Oracle VM VirtualBox

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can allow an abuser to perform actions that are normally disallowed for the current role.

Affected Products

  • Oracle VM VirtualBox earlier than 5.0.32
  • Oracle VM VirtualBox 5.1.x earlier than 5.1.14
