CVE-2023-22099

2023-10-1700:00:00

ubuntu.com

oracle vm virtualbox

oracle virtualization

vulnerability

core

exploitable

infrastructure

exploit

cvss 3.1

confidentiality

integrity

availability

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization
(component: Core). Supported versions that are affected are Prior to
7.0.12. Easily exploitable vulnerability allows high privileged attacker
with logon to the infrastructure where Oracle VM VirtualBox executes to
compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
VirtualBox, attacks may significantly impact additional products (scope
change). Successful attacks of this vulnerability can result in takeover of
Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1
Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchvirtualbox< anyUNKNOWN
ubuntu20.04noarchvirtualbox< anyUNKNOWN
ubuntu22.04noarchvirtualbox< anyUNKNOWN
ubuntu23.10noarchvirtualbox< anyUNKNOWN
ubuntu24.04noarchvirtualbox< anyUNKNOWN
ubuntu16.04noarchvirtualbox< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	virtualbox	< any	UNKNOWN
ubuntu	20.04	noarch	virtualbox	< any	UNKNOWN
ubuntu	22.04	noarch	virtualbox	< any	UNKNOWN
ubuntu	23.10	noarch	virtualbox	< any	UNKNOWN
ubuntu	24.04	noarch	virtualbox	< any	UNKNOWN
ubuntu	16.04	noarch	virtualbox	< any	UNKNOWN