CVE-2019-2984

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 5.2.34 Oracle VM VirtualBox versions prior to 6.0.14

Description The issue is related to insufficient access control in the Core component of Oracle VM VirtualBox. It can be easily exploited by a highly privileged attacker with login access to the infrastructure where Oracle VM VirtualBox is executed, allowing them to compromise Oracle VM VirtualBox. Although the vulnerability is in Oracle VM VirtualBox, successful attacks may significantly impact additional products, resulting in unauthorized ability to cause a hang or frequently repeatable crash of Oracle VM VirtualBox.

Recommendations For Oracle VM VirtualBox versions prior to 5.2.34, update to version 5.2.34 or later. For Oracle VM VirtualBox versions prior to 6.0.14, update to version 6.0.14 or later. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.