Oracle VM VirtualBox up to 6.1.19 Core unknown vulnerability

A vulnerability classified as critical was found in Oracle VM VirtualBox up to 6.1.19 (Virtualization Software). This vulnerability affects an unknown code block of the component Core. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field	04/27/2021 08:54 AM	04/27/2021 08:55 AM	04/29/2021 07:42 AM
vendor	Oracle	Oracle	Oracle
name	VM VirtualBox	VM VirtualBox	VM VirtualBox
cve	CVE-2021-2286	CVE-2021-2286	CVE-2021-2286
component	Core	Core	Core
risk	2	2	2
cvss3_vuldb_av	L	L	L
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	C	C	C
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rc	C	C	C
cvss3_vuldb_rl	O	O	O
version	<=6.1.19	<=6.1.19	<=6.1.19
url	https://www.oracle.com/security-alerts/cpuapr2021.html	https://www.oracle.com/security-alerts/cpuapr2021.html	https://www.oracle.com/security-alerts/cpuapr2021.html
date	1618956000 (04/21/2021)	1618956000 (04/21/2021)	1618956000 (04/21/2021)
date	1618956000 (04/21/2021)	1618956000 (04/21/2021)	1618956000 (04/21/2021)
identifier	Oracle Critical Patch Update Advisory - April 2021	Oracle Critical Patch Update Advisory - April 2021	Oracle Critical Patch Update Advisory - April 2021
name	Upgrade	Upgrade	Upgrade
type	Virtualization Software	Virtualization Software	Virtualization Software
cvss2_vuldb_av	L	L	L
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	4.9	4.9	4.9
cvss2_vuldb_tempscore	4.3	4.3	4.3
cvss3_vuldb_basescore	7.1	7.1	7.1
cvss3_vuldb_tempscore	6.8	6.8	6.8
cvss3_meta_basescore	7.1	7.1	7.1
cvss3_meta_tempscore	6.8	6.8	6.8
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cve_assigned	1607468400	1607468400	1607468400
cve_nvd_summary	Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).	Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).	Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).
cve_cna		Oracle	Oracle
cvss2_nvd_av			L
cvss2_nvd_ac			L
cvss2_nvd_au			N
cvss2_nvd_ci			N
cvss2_nvd_ii			P
cvss2_nvd_ai			N
cvss2_nvd_basescore			2.1

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!