PT-2023-3945 · Oracle+1 · Virtualbox+1

Muhammad Alifa Ramdhan

·

Published

2023-07-18

·

Updated

2023-12-07

·

CVE-2023-22016

CVSS v2.0

4.3

Medium

VectorAV:L/AC:L/Au:M/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 6.1.46 Oracle VM VirtualBox versions prior to 7.0.10
Description The issue allows a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle VM VirtualBox. The vulnerability exists due to insufficient input validation.
Recommendations For versions prior to 6.1.46, update to version 6.1.46 or later. For versions prior to 7.0.10, update to version 7.0.10 or later. As a temporary workaround, consider restricting access to the virtual machine to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2023-4923
ALT-PU-2023-4924
ALT-PU-2023-4925
ALT-PU-2023-4926
ALT-PU-2023-4927
ALT-PU-2023-4928
ALT-PU-2023-4929
ALT-PU-2023-4930
ALT-PU-2023-4931
ALT-PU-2023-4932
ALT-PU-2023-5232
ALT-PU-2023-5233
ALT-PU-2023-5234
ALT-PU-2023-5235
ALT-PU-2023-5236
ALT-PU-2023-7554
ALT-PU-2023-7555
ALT-PU-2023-7556
ALT-PU-2023-7557
ALT-PU-2023-7558
BDU:2023-04240
CVE-2023-22016
MGASA-2023-0239

Affected Products

Alt Linux
Virtualbox