CVE-2018-2687

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
Severity
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Atk. Vector
LOCAL
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
oraclevm_virtualbox
5.1.0 ≤
𝑥
< 5.1.32
oraclevm_virtualbox
5.2.0 ≤
𝑥
< 5.2.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
virtualbox
sid/contrib
7.0.20-dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
virtualbox
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
Fixed 6.1.16-dfsg-6~ubuntu1.20.10.1
released
focal
Fixed 6.1.16-dfsg-6~ubuntu1.20.04.1
released
eoan
ignored
disco
ignored
cosmic
ignored
bionic
needs-triage
artful
ignored
xenial
needs-triage
trusty
dne