Vulnerability CVE-2017-3576

Vulnerability CVE-2017-3576

Published: 2017-04-24

Description:

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	VirtualBox Unprivilege Host User To Host Kernel Privilege Escalation	jannh	19.04.2017

Type:

CWE-noinfo

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.6/10	6.4/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Oracle -> Vm virtualbox

References:

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

http://www.securityfocus.com/bid/97759

http://www.securitytracker.com/id/1038288

https://www.exploit-db.com/exploits/41907/

Copyright 2024, cxsecurity.com