Lucene search

K
openvasCopyright (C) 2023 Greenbone AGOPENVAS:1361412562310826781
HistoryJan 18, 2023 - 12:00 a.m.

Oracle VirtualBox Security Update (Jan 2023) - Mac OS X

2023-01-1800:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
11
oracle
virtualbox
security
update
mac os x
vulnerabilities
confidentiality
integrity
availability
upgrade

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

5.2

Confidence

High

EPSS

0.004

Percentile

72.6%

Oracle VM VirtualBox is prone to multiple
vulnerabilities.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:oracle:vm_virtualbox";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.826781");
  script_version("2024-02-26T14:36:40+0000");
  script_cve_id("CVE-2023-21886", "CVE-2023-21898", "CVE-2023-21899", "CVE-2023-21884",
                "CVE-2023-21885", "CVE-2023-21889");
  script_tag(name:"cvss_base", value:"7.6");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-26 14:36:40 +0000 (Mon, 26 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-01-18 00:15:00 +0000 (Wed, 18 Jan 2023)");
  script_tag(name:"creation_date", value:"2023-01-18 12:15:12 +0530 (Wed, 18 Jan 2023)");
  script_name("Oracle VirtualBox Security Update (Jan 2023) - Mac OS X");

  script_tag(name:"summary", value:"Oracle VM VirtualBox is prone to multiple
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is
  present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to multiple errors
  in 'Core' component.");

  script_tag(name:"impact", value:"Successful exploitation will allow an attacker to
  have an impact on confidentiality, integrity and availability.");

  script_tag(name:"affected", value:"VirtualBox versions 6.1.x prior to 6.1.42,
  7.0.x prior to 7.0.6 on Mac OS X.");

  script_tag(name:"solution", value:"Upgrade to Oracle VirtualBox version 6.1.42
  or 7.0.6 or later. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"executable_version");
  script_xref(name:"URL", value:"https://www.oracle.com/security-alerts/cpujan2023.html#AppendixOVIR");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("General");
  script_dependencies("secpod_oracle_virtualbox_detect_macosx.nasl");
  script_mandatory_keys("Oracle/VirtualBox/MacOSX/Version");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))
  exit(0);

vers = infos["version"];
path = infos["location"];

if(vers =~ "^6\.1\." && version_is_less(version:vers, test_version:"6.1.42")) {
  fix = "6.1.42";
}
else if(vers =~ "^7\.0\." && version_is_less(version:vers, test_version:"7.0.6")) {
  fix = "7.0.6";
}

if(fix) {
  report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);
  security_message(data:report);
  exit(0);
}

exit(99);

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

5.2

Confidence

High

EPSS

0.004

Percentile

72.6%