PT-2022-4641 · Oracle+2 · Virtualbox+2

Korean_Buljumuk

·

Published

2022-07-19

·

Updated

2024-06-15

·

CVE-2022-21571

CVSS v3.1

8.2

High

VectorAV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 6.1.36
Description A vulnerability in Oracle VM VirtualBox allows a highly privileged attacker with access to the infrastructure where Oracle VM VirtualBox is executed to compromise it. The vulnerability can be easily exploited and may significantly impact additional products. Successful attacks can result in the takeover of Oracle VM VirtualBox. The issue is due to insufficient input validation in the Core component, which may allow an attacker to execute arbitrary code.
Recommendations For versions prior to 6.1.36, update to version 6.1.36 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component to minimize the risk of exploitation. Additionally, ensure that only trusted users have logon access to the infrastructure where Oracle VM VirtualBox is executed.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2022-2296
ALT-PU-2022-2297
ALT-PU-2022-2298
ALT-PU-2022-2299
ALT-PU-2022-2300
ALT-PU-2022-2329
ALT-PU-2022-2330
ALT-PU-2022-2331
ALT-PU-2022-2332
ALT-PU-2022-2333
ALT-PU-2023-4088
ALT-PU-2023-4089
ALT-PU-2023-4090
ALT-PU-2023-4664
ALT-PU-2023-4665
ALT-PU-2023-4729
ALT-PU-2023-4730
BDU:2022-05525
CVE-2022-21571
MGASA-2022-0265
OPENSUSE-SU-2022:10067-1
OPENSUSE-SU-2022:10122-1
OPENSUSE-SU-2022:10129-1
OPENSUSE-SU-2022:10152-1
OPENSUSE-SU-2022_10067-1
OPENSUSE-SU-2022_10122-1
OPENSUSE-SU-2022_10129-1
OPENSUSE-SU-2022_10152-1
OPENSUSE-SU-2024:12211-1

Affected Products

Alt Linux
Virtualbox
Suse