8.5 CVE-2017-3558
Patch Exploit
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H).
https://nvd.nist.gov/vuln/detail/CVE-2017-3558
Categories
CWE-NVD-noinfo
References
af854a3a-2127-422b-91ae-364da2661108 Patch Exploit
| http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html Patch Vendor Advisory |
| http://www.securityfocus.com/bid/97744 Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1038288 Third Party Advisory VDB Entry |
| https://www.exploit-db.com/exploits/41904/ Third Party Advisory VDB Entry |
secalert_us@oracle.com Patch Exploit
| http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html Patch Vendor Advisory |
| http://www.securityfocus.com/bid/97744 Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1038288 Third Party Advisory VDB Entry |
| https://www.exploit-db.com/exploits/41904/ Third Party Advisory VDB Entry |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* | >= 5.0.0 | < 5.0.38 |
| cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* | >= 5.1.0 | < 5.1.20 |
REMEDIATION
Patch
| Url |
|---|
| http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html |
| http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html |
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| 41904 | Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy | 2017-04-20 |
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
