Kaspersky LabKLA11405KLA11405 Multiple vulnerabilities in Oracle Virtual Box
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.106 Low
EPSS
Percentile
94.9%
Detect date:
01/15/2019
Severity:
Critical
Description:
Multiple vulnerabilities were found in Oracle Virtual Box. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions and cause denial of service.
Affected products:
Oracle VM Virtual Box versions earlier than 5.2.24
Oracle VM Virtual Box versions earlier than 6.0.2
Solution:
Update to the latest version
Download Oracle Virtual Box
Original advisories:
Oracle Critical Patch Update Advisory – January 2019
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2019-25004.6Warning
CVE-2019-25244.6Warning
CVE-2019-25524.6Warning
CVE-2018-33094.6Warning
CVE-2019-25204.4Warning
CVE-2019-25214.4Warning
CVE-2019-25224.4Warning
CVE-2019-25234.4Warning
CVE-2019-25264.4Warning
CVE-2019-25484.6Warning
CVE-2019-25117.8Critical
CVE-2019-25084.9Warning
CVE-2019-25094.9Warning
CVE-2019-25272.1Warning
CVE-2019-24502.1Warning
CVE-2019-24512.1Warning
CVE-2019-25552.1Warning
CVE-2019-25542.1Warning
CVE-2019-25562.1Warning
CVE-2018-07344.3Warning
CVE-2019-25251.9Warning
CVE-2019-24462.1Warning
CVE-2019-24482.1Warning
CVE-2019-25012.1Warning
CVE-2019-25042.1Warning
CVE-2019-25052.1Warning
CVE-2019-25062.1Warning
CVE-2019-25532.1Warning
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3309
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2446
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2448
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2450
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2451
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2501
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2504
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2506
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2508
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2520
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2521
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2522
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2523
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2524
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2527
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2548
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2552
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2553
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2554
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2556
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Oracle-VirtualBox/
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixOVIR
www.virtualbox.org/wiki/Downloads
Related
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.106 Low
EPSS
Percentile
94.9%