CVE-2023-22098

Published Oct 17, 2023

Last updated a year ago

CVSS high 8.2

Overview

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Source: secalert_us@oracle.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.2
Impact score: 6
Exploitability score: 1.5
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

🚀 We're back with a fresh blog redesign! Dive into @Diego_AltF4's latest post, which offers an in-depth analysis of CVE-2023-22098, including a reliable PoC to escape VirtualBox. 🛠️ Unleash your virtualization magic now! Link below ⬇️
@zeroclicksh
23 Oct 2024
4281 Impressions
18 Retweets
40 Likes
6 Bookmarks
1 Reply
2 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8A5BD79-BD2B-483D-B14F-0F2E525E56D6",
            "versionEndExcluding": "7.0.12",
            "versionStartIncluding": "7.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References