PT-2023-3945 · Oracle+1 · Virtualbox+1

Muhammad Alifa Ramdhan

Publicado

2023-07-18

Atualizado

2023-12-07

CVE-2023-22016

CVSS v2.0

4.3

Média

Vetor

AV:L/AC:L/Au:M/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 6.1.46 Oracle VM VirtualBox versions prior to 7.0.10

Description The issue allows a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle VM VirtualBox. The vulnerability exists due to insufficient input validation.

Recommendations For versions prior to 6.1.46, update to version 6.1.46 or later. For versions prior to 7.0.10, update to version 7.0.10 or later. As a temporary workaround, consider restricting access to the virtual machine to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2023-4923

ALT-PU-2023-4924

ALT-PU-2023-4925

ALT-PU-2023-4926

ALT-PU-2023-4927

ALT-PU-2023-4928

ALT-PU-2023-4929

ALT-PU-2023-4930

ALT-PU-2023-4931

ALT-PU-2023-4932

ALT-PU-2023-5232

ALT-PU-2023-5233

ALT-PU-2023-5234

ALT-PU-2023-5235

ALT-PU-2023-5236

ALT-PU-2023-7554

ALT-PU-2023-7555

ALT-PU-2023-7556

ALT-PU-2023-7557

ALT-PU-2023-7558

BDU:2023-04240

CVE-2023-22016

MGASA-2023-0239

Produtos afetados

Alt Linux

Virtualbox

PT-2023-3945 · Oracle+1 · Virtualbox+1

CVE-2023-22016

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14