Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.VIRTUALBOX_APR_2022_CPU.NASL
HistoryApr 20, 2022 - 12:00 a.m.

Oracle VM VirtualBox (Apr 2022 CPU)

2022-04-2000:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
36
JSON

The version of VirtualBox installed on the remote host is prior to 6.1.34. It is, therefore, affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory:

  • Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. (CVE-2022-21491)

  • Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. (CVE-2022-21465)

  • Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. (CVE-2022-21471)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(159985);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/26");

  script_cve_id(
    "CVE-2022-21465",
    "CVE-2022-21471",
    "CVE-2022-21487",
    "CVE-2022-21488",
    "CVE-2022-21491"
  );
  script_xref(name:"IAVA", value:"2022-A-0169");

  script_name(english:"Oracle VM VirtualBox (Apr 2022 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The version of VirtualBox installed on the remote host is prior to 6.1.34. It is, therefore, affected by multiple  
vulnerabilities as referenced in the April 2022 CPU advisory:

  - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The
    supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low
    privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise
    Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM
    VirtualBox. Note: This vulnerability applies to Windows systems only. (CVE-2022-21491)

  - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The
    supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows high
    privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise
    Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly 
    impact additional products (scope change). Successful attacks of this vulnerability can result in 
    unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM 
    VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox 
    accessible data. (CVE-2022-21465)

  - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The
    supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low
    privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise
    Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly 
    impact additional products (scope change). Successful attacks of this vulnerability can result in 
    unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM 
    VirtualBox. (CVE-2022-21471)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpuapr2022cvrf.xml");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2022.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2022 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-21491");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("virtualbox_installed.nasl", "macosx_virtualbox_installed.nbin");
  script_require_ports("installed_sw/Oracle VM VirtualBox", "installed_sw/VirtualBox");

  exit(0);
}

include('vcf.inc');

var app_info = NULL;
if (get_kb_item('installed_sw/Oracle VM VirtualBox'))
  app_info = vcf::get_app_info(app:'Oracle VM VirtualBox', win_local:TRUE);
else
  app_info = vcf::get_app_info(app:'VirtualBox');

var constraints = [{ 'fixed_version' : '6.1.34' }];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
oraclevm_virtualboxcpe:/a:oracle:vm_virtualbox

Related

openvas 5
kaspersky 1
mageia 1
nessus 2
suse 2
prion 5
veracode 5
ubuntucve 5
cve 5
debiancve 5
gentoo 1
oracle 1
openvas
openvas
Oracle VirtualBox Security Update (cpuapr2022) - Linux
2022-04-20 00:00:00
Oracle VirtualBox Security Update (cpuapr2022) - Mac OS X
2022-04-20 00:00:00
Oracle VirtualBox Security Update (cpuapr2022) - Windows
2022-04-20 00:00:00
kaspersky
kaspersky
KLA12515 Multiple vulnerabilities in Oracle VirtualBox
2022-04-19 00:00:00
mageia
mageia
Updated virtualbox packages fix security vulnerabilities
2022-04-26 18:04:20
nessus
nessus
openSUSE 15 Security Update : virtualbox (openSUSE-SU-2022:10067-1)
2022-07-28 00:00:00
GLSA-202208-36 : Oracle VirtualBox: Multiple Vulnerabilities
2022-08-31 00:00:00
suse
suse
Security update for virtualbox (important)
2022-07-27 00:00:00
Security update for busybox (important)
2022-05-18 00:00:00
prion
prion
Buffer overflow
2022-04-19 21:15:00
Buffer overflow
2022-04-19 21:15:00
Buffer overflow
2022-04-19 21:15:00
veracode
veracode
Privilege Escalation
2022-04-25 17:01:01
Denial Of Service (DoS)
2022-04-25 17:01:08
Privilege Escalation
2022-04-25 17:01:01
ubuntucve
ubuntucve
CVE-2022-21488
2022-04-19 00:00:00
CVE-2022-21487
2022-04-19 00:00:00
CVE-2022-21465
2022-04-19 00:00:00
cve
cve
CVE-2022-21487
2022-04-19 21:15:00
CVE-2022-21471
2022-04-19 21:15:00
CVE-2022-21465
2022-04-19 21:15:00
debiancve
debiancve
CVE-2022-21465
2022-04-19 21:15:00
CVE-2022-21491
2022-04-19 21:15:00
CVE-2022-21487
2022-04-19 21:15:00
gentoo
gentoo
Oracle VirtualBox: Multiple Vulnerabilities
2022-08-31 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
JSON
Related for VIRTUALBOX_APR_2022_CPU.NASL
openvas5kaspersky1mageia1nessus2suse2prion5veracode5ubuntucve5cve5debiancve5gentoo1oracle1