Kaspersky LabKLA11641KLA11641 Multiple vulnerabilities in Oracle VirtualBox
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
5.4 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P
0.871 High
EPSS
Percentile
98.6%
Detect date:
01/05/2020
Severity:
Warning
Description:
Multiple vulnerabilities were found in Oracle VirtualBox. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions.
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products:
Oracle VirtualBox 5.2.x up to 5.2.36
Oracle VirtualBox 6.0.x up to 6.0.16
Oracle VirtualBox 6.1.x up to 6.1.2
Solution:
Update to the latest version
Download Oracle Virtual Box
Original advisories:
Oracle Critical Patch Update Advisory – January 2020
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2019-15471.9Warning
CVE-2020-26744.6Warning
CVE-2020-26824.6Warning
CVE-2019-02275.4High
CVE-2020-26984.4Warning
CVE-2020-27014.4Warning
CVE-2020-27024.4Warning
CVE-2020-27264.4Warning
CVE-2020-26812.1Warning
CVE-2020-26892.1Warning
CVE-2020-26902.1Warning
CVE-2020-26912.1Warning
CVE-2020-26922.1Warning
CVE-2020-27032.1Warning
CVE-2020-27042.1Warning
CVE-2020-27052.1Warning
CVE-2020-27252.1Warning
CVE-2020-26783.3Warning
CVE-2019-170914.3Warning
CVE-2020-27272.1Warning
CVE-2020-26931.9Warning
CVE-2019-100924.3Warning
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0227
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17091
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2674
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2678
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2681
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2682
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2689
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2690
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2691
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2692
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2693
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2698
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2701
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2702
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2703
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2704
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2705
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2725
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2726
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2727
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Oracle-VirtualBox/
www.oracle.com/security-alerts/cpujan2020verbose.html
www.virtualbox.org/wiki/Downloads
Related
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
5.4 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P
0.871 High
EPSS
Percentile
98.6%