Oracle VM VirtualBox Vulnerability - 20240513004

Overview

The WA SOC has been made aware of a vulnerability existing in VirutalBox VM's where an attacker with low-level privileges who has logon access could exploit an out-of-bounds (OOB) vulnerability.

What is vulnerable?

CVE	Severity	CVSS	Product(s) Affected	Summary	Dated
CVE-2024-21115	High	8.8	Oracle VM VirtualBox versions prior to 7.0.16	This vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.	17-04-2024

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

• Recommends updating to version 7.0.16 or later: Changelog/downloads.

Additional References

• Technical Details Released for CVE-2024-21115 Vulnerability Reported in VM VirtualBox (securityonline.info)

• Zero Day Initiative --- CVE-2024-21115: An Oracle VirtualBox LPE Used to Win Pwn2Own

• Oracle Critical Patch Update Advisory - April 2024