Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
History

Fri, 18 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*

Wed, 16 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 16 Oct 2024 13:15:00 +0000

Type Values Removed Values Added
Title Oracle Virtualization: From CVEorg collector
References
Metrics threat_severity

None

threat_severity

Important


Tue, 15 Oct 2024 20:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
First Time appeared Oracle
Oracle vm Virtualbox
CPEs cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.0.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:prior_to_7.1.2:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle vm Virtualbox
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2024-10-15T19:52:53.966Z

Updated: 2024-10-16T15:05:00.159Z

Reserved: 2023-12-07T22:28:10.702Z

Link: CVE-2024-21259

cve-icon Vulnrichment

Updated: 2024-10-16T15:04:55.165Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-15T20:15:16.590

Modified: 2024-10-18T15:00:17.133

Link: CVE-2024-21259

cve-icon Redhat

Severity : Important

Publid Date: 2024-10-15T19:52:53Z

Links: CVE-2024-21259 - Bugzilla