CVE-2021-2280

Description


Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Related CPE's


CvssV3 impact


Version

3.1

VectorString

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AttackVector

LOCAL

AttackComplexity

LOW

PrivilegesRequired

NONE

UserInteraction

NONE

Scope

CHANGED

ConfidentialityImpact

HIGH

IntegrityImpact

NONE

AvailabilityImpact

NONE

BaseScore

7.1

BaseSeverity

HIGH

CvssV2 impact


AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

BaseScore

2.1

VectorString

AV:L/AC:L/Au:N/C:P/I:N/A:N

Version

2.0

AccessVector

LOCAL

Authentication

NONE