Kaspersky LabKLA12047KLA12047 Multiple vulnerabilties in Oracle VirtualBox
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.0005 Low
EPSS
Percentile
15.9%
Detect date:
01/19/2021
Severity:
Warning
Description:
Multiple vulnerabilities were found in Oracle VirtualBox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, obtain sensitive information.
Affected products:
Oracle VirtualBox earlier than 6.1.18
Solution:
Update to the latest version
Download VirtualBox
Original advisories:
Oracle Critical Patch Update Advisory – January 2021
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2021-20734.4Warning
CVE-2021-20748.2Critical
CVE-2021-21216.0High
CVE-2021-20866.0High
CVE-2021-21304.4Warning
CVE-2021-21246.0High
CVE-2021-21316.0High
CVE-2021-21254.6Warning
CVE-2021-21116.0High
CVE-2021-21126.0High
CVE-2021-21206.0High
CVE-2021-21297.9Critical
CVE-2021-21196.0High
CVE-2021-21286.5High
CVE-2021-21266.0High
CVE-2021-21274.4Warning
CVE-2021-21233.2Warning
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2111
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2112
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2119
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2120
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2121
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2127
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2128
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2129
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2130
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2131
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Oracle-VirtualBox/
www.oracle.com/security-alerts/cpujan2021.html#AppendixOVIR
www.virtualbox.org/wiki/Downloads
Related
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.0005 Low
EPSS
Percentile
15.9%