Lucene search

K
kasperskyKaspersky LabKLA48969
HistoryApr 18, 2023 - 12:00 a.m.

KLA48969 Multiple vulnerabilities in Oracle VirtualBox

2023-04-1800:00:00
Kaspersky Lab
threats.kaspersky.com
38
oracle virtualbox
vulnerabilities
high severity
ace
update
latest version
cve-2022-42916
cve-2023-22001
cve-2023-21987
cve-2023-21999
cve-2023-22002
cve-2023-21988
cve-2023-22000
cve-2023-21990
cve-2023-21989
cve-2023-21998
cve-2023-21991

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

0.002

Percentile

64.7%

Multiple vulnerabilities were found in Oracle VirtualBox. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. Code execution vulnerability in Core can be exploited to execute arbitrary code and obtain sensitive information.
  2. Code execution vulnerability in Core can be exploited to execute arbitrary code and obtain sensitive information and cause denial of service.
  3. Information disclosure vulnerability in Core can be exploited to obtain sensitive information.
  4. Information disclosure vulnerability in curl can be exploited to obtain sensitive information.

Original advisories

Oracle Critical Patch Update Advisory – April 2023

Related products

Oracle-VirtualBox

CVE list

CVE-2022-42916 critical

CVE-2023-22001 warning

CVE-2023-21987 critical

CVE-2023-21999 warning

CVE-2023-22002 high

CVE-2023-21988 warning

CVE-2023-22000 warning

CVE-2023-21990 critical

CVE-2023-21989 high

CVE-2023-21998 warning

CVE-2023-21991 warning

Solution

Update to the latest version

Download VirtualBox

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Oracle VirtualBox earlier than 6.1.44Oracle VirtualBox 7.0.x earlier than 7.0.8

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

0.002

Percentile

64.7%