PT-2023-3641 · Oracle+2 · Virtualbox+2

Kn32

·

Published

2023-07-18

·

Updated

2023-12-07

·

CVE-2023-22018

CVSS v3.1

8.1

High

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 6.1.46 Oracle VM VirtualBox versions prior to 7.0.10
Description The issue is related to errors in resource release in the Core component of Oracle VM VirtualBox. It can be exploited by a remote attacker to execute arbitrary code or gain full control over the application using the RDP protocol. Successful attacks can result in the takeover of Oracle VM VirtualBox. The vulnerability can be difficult to exploit and allows an unauthenticated attacker with network access via RDP to compromise the system.
Recommendations For versions prior to 6.1.46, update to version 6.1.46 or later. For versions prior to 7.0.10, update to version 7.0.10 or later. As a temporary workaround, consider restricting access to the RDP protocol until a patch is available.

Fix

RCE

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2023-4923
ALT-PU-2023-4924
ALT-PU-2023-4925
ALT-PU-2023-4926
ALT-PU-2023-4927
ALT-PU-2023-4928
ALT-PU-2023-4929
ALT-PU-2023-4930
ALT-PU-2023-4931
ALT-PU-2023-4932
ALT-PU-2023-5232
ALT-PU-2023-5233
ALT-PU-2023-5234
ALT-PU-2023-5235
ALT-PU-2023-5236
ALT-PU-2023-7554
ALT-PU-2023-7555
ALT-PU-2023-7556
ALT-PU-2023-7557
ALT-PU-2023-7558
BDU:2023-03925
CVE-2023-22018
MGASA-2023-0239
ZDI-23-982

Affected Products

Alt Linux
Virtualbox
Red Os