Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-21989
HistoryApr 18, 2023 - 12:00 a.m.

CVE-2023-21989

2023-04-1800:00:00
ubuntu.com
ubuntu.com
8
oracle vm virtualbox
vulnerability
high privileged attacker
unauthorized access

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

10.3%

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization
(component: Core). Supported versions that are affected are Prior to 6.1.44
and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox
executes to compromise Oracle VM VirtualBox. While the vulnerability is in
Oracle VM VirtualBox, attacks may significantly impact additional products
(scope change). Successful attacks of this vulnerability can result in
unauthorized access to critical data or complete access to all Oracle VM
VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality
impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

10.3%