CVE-2020-2701

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
Severity
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Atk. Vector
LOCAL
Atk. Complexity
HIGH
Priv. Required
HIGH
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
oraclevm_virtualbox
5.2.0 ≤
𝑥
< 5.2.36
oraclevm_virtualbox
6.0.0 ≤
𝑥
< 6.0.16
oraclevm_virtualbox
6.1.0 ≤
𝑥
< 6.1.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
virtualbox
sid/contrib
7.0.20-dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
virtualbox
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
ignored
disco
ignored
bionic
needs-triage
xenial
needs-triage
trusty
dne