PT-2020-2174 · Oracle+2 · Virtualbox+2

Andrew Hess

·

Published

2020-04-15

·

Updated

2021-02-22

·

CVE-2020-2910

CVSS v3.1

6.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 6.0.20 Oracle VM VirtualBox versions prior to 6.1.6
Description The issue is related to inadequate access control in the Core component of Oracle VM VirtualBox, allowing a low-privileged attacker with logon access to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in unauthorized creation, deletion, or modification of critical data or all accessible data in Oracle VM VirtualBox. This vulnerability may also impact additional products.
Recommendations For versions prior to 6.0.20, update to version 6.0.20 or later. For versions prior to 6.1.6, update to version 6.1.6 or later.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

ALT-PU-2020-1773
ALT-PU-2020-1774
ALT-PU-2020-1775
ALT-PU-2020-1776
ALT-PU-2020-1777
ALT-PU-2020-1843
ALT-PU-2020-1844
ALT-PU-2020-1845
ALT-PU-2020-1846
ALT-PU-2020-1847
BDU:2020-02078
CVE-2020-2910
MGASA-2020-0180
OPENSUSE-SU-2020:0925-1
OPENSUSE-SU-2020_0925-1

Affected Products

Alt Linux
Virtualbox
Suse