Vulnerability CVE-2015-2594

Vulnerability Name:

CVE-2015-2594 (CCN-104755)

Assigned:

2015-07-14

Published:

2015-07-14

Updated:

2019-02-05

Summary:

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.

CVSS v3 Severity:

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.6 Medium (CVSS v2 Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C)
4.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.6 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C)
4.9 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2015-2594

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2015:1400

Source: DEBIAN
Type: Third Party Advisory
DSA-3359

Source: CCN
Type: Oracle Critical Patch Update - July 2015
Oracle Critical Patch Update - July 2015

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Source: BID
Type: Third Party Advisory, VDB Entry
75899

Source: CCN
Type: BID-75899
Oracle VM VirtualBox CVE-2015-2594 Local Security Vulnerability

Source: XF
Type: UNKNOWN
oracle-cpujuly2015-cve20152594(104755)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-2594

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* (Version >= 4.0.0 and < 4.0.32)

OR cpe:/a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* (Version >= 4.1.0 and < 4.1.40)

OR cpe:/a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* (Version >= 4.2.0 and < 4.2.32)

OR cpe:/a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* (Version >= 4.3.0 and < 4.3.30)

Configuration 2:

cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:vm_virtualbox:4.0.31:*:*:*:*:*:*:*

OR cpe:/a:oracle:vm_virtualbox:4.1.39:*:*:*:*:*:*:*

OR cpe:/a:oracle:vm_virtualbox:4.2.31:*:*:*:*:*:*:*

OR cpe:/a:oracle:vm_virtualbox:4.3.29:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20152594	V	CVE-2015-2594	2017-03-20
oval:org.cisecurity:def:61	P	DSA-3359-1 -- virtualbox -- security update	2016-02-08
oval:com.ubuntu.precise:def:20152594000	V	CVE-2015-2594 on Ubuntu 12.04 LTS (precise) - medium.	2015-07-16
oval:com.ubuntu.trusty:def:20152594000	V	CVE-2015-2594 on Ubuntu 14.04 LTS (trusty) - medium.	2015-07-16

BACK