Vulnerability Name: | CVE-2020-2691 (CCN-174639) | ||||||||||||||||||||
Assigned: | 2019-12-10 | ||||||||||||||||||||
Published: | 2020-01-14 | ||||||||||||||||||||
Updated: | 2021-02-25 | ||||||||||||||||||||
Summary: | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). | ||||||||||||||||||||
CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||||
CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||||||||||
Vulnerability Type: | CWE-noinfo | ||||||||||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2020-2691 Source: XF Type: UNKNOWN oracle-cpujan2020-cve20202691(174639) Source: GENTOO Type: Third Party Advisory GLSA-202004-02 Source: GENTOO Type: Third Party Advisory GLSA-202101-09 Source: CCN Type: Oracle CPUJan2020 Oracle Critical Patch Update Advisory - January 2020 Source: MISC Type: Patch, Vendor Advisory https://www.oracle.com/security-alerts/cpujan2020.html Source: CCN Type: ZDI-20-133 Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability Source: CCN Type: ZDI-20-133 Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability | ||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
BACK |