Kaspersky LabKLA11754KLA11754 Multiple vulnerabilities in Oracle Virtualbox
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
57.7%
Detect date:
03/16/2020
Severity:
Warning
Description:
Multiple vulnerabilities were found in Oracle VirtualBox. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service.
Affected products:
Oracle VirtualBox prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6
Solution:
Update to the latest version
Download Oracle Virtual Box
Original advisories:
Oracle Critical Patch Update Advisory – Aptil 2020
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2020-27412.1Warning
CVE-2020-27424.6Warning
CVE-2020-27432.1Warning
CVE-2020-27482.1Warning
CVE-2020-27584.6Warning
CVE-2020-28942.1Warning
CVE-2020-29024.6Warning
CVE-2020-29054.6Warning
CVE-2020-29074.6Warning
CVE-2020-29084.6Warning
CVE-2020-29094.3Warning
CVE-2020-29102.1Warning
CVE-2020-29114.4Warning
CVE-2020-29134.4Warning
CVE-2020-29144.4Warning
CVE-2020-29294.6Warning
CVE-2020-29512.1Warning
CVE-2020-29584.4Warning
CVE-2020-29595.0Warning
CVE-2020-25754.4Warning
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2575
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2741
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2742
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2743
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2748
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2758
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2894
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2902
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2905
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2907
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2908
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2909
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2910
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2911
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2913
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2914
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2929
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2951
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2959
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Oracle-VirtualBox/
www.oracle.com/security-alerts/cpuapr2020verbose.html#OVIR
www.virtualbox.org/wiki/Downloads
Related
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
57.7%