CVE-2017-3316

EUVD-2017-12437
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
oraclevm_virtualbox
5.0.30
oraclevm_virtualbox
5.1.12
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
virtualbox
sid/contrib
7.0.20-dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
virtualbox
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
precise
ignored
trusty
dne
xenial
not-affected
yakkety
ignored
zesty
not-affected
Common Weakness Enumeration
References
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
http://www.securityfocus.com/bid/95579
http://www.securitytracker.com/id/1037638
https://security.gentoo.org/glsa/201702-08
https://www.exploit-db.com/exploits/41196/
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
http://www.securityfocus.com/bid/95579
http://www.securitytracker.com/id/1037638
https://security.gentoo.org/glsa/201702-08
https://www.exploit-db.com/exploits/41196/