PT-2020-1356 · Oracle+1 · Virtualbox+1

Elasticheart

·

Published

2020-01-14

·

Updated

2024-06-15

·

CVE-2020-2704

CVSS v3.1

6.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 5.2.36 Oracle VM VirtualBox versions prior to 6.0.16 Oracle VM VirtualBox versions prior to 6.1.2
Description The issue is related to a lack of protection for internal data in the Core component of Oracle VM VirtualBox. This vulnerability can be easily exploited by a low-privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox is executed, potentially compromising Oracle VM VirtualBox. Successful attacks may result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.
Recommendations For versions prior to 5.2.36, update to a version that contains a fix for this issue. For versions prior to 6.0.16, update to a version that contains a fix for this issue. For versions prior to 6.1.2, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to sensitive data and limiting user privileges to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2020-1123
ALT-PU-2020-1124
ALT-PU-2020-1125
ALT-PU-2020-1126
ALT-PU-2020-1127
ALT-PU-2020-1436
ALT-PU-2020-1437
ALT-PU-2020-1438
ALT-PU-2020-1439
ALT-PU-2020-1440
BDU:2020-00282
CVE-2020-2704
MGASA-2020-0065
OPENSUSE-SU-2024:11501-1
ZDI-20-139

Affected Products

Alt Linux
Virtualbox