Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.9
CVSSv2

CVE-2021-2086

Published: 20/01/2021 Updated: 27/01/2021
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6 | Impact Score: 4 | Exploitability Score: 1.5
VMScore: 436
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Oracle

Vulnerability Summary

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is before 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oracle vm virtualbox

Vendor Advisories

Arch Linux Issues:
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core) The supported version that is affected is Prior to 6118 Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox While the vulnerability is ...

Github Repositories

https://github.com/dlehgus1023/VirtualBox_IO-Fuzz

VirtualBox_IO-Fuzz Version Product : VirtualBox Build 6116, 6126 Host OS : Windows 10 x64 (190411288) Guest OS : Ubuntu 2004 (Focal Fossa) Result CVE-2021-2086 : Oracle VirtualBox I/O Request 0x177 Denial-of-Service CVE-2021-35540 : Oracle VirtualBox I/O Request 0x20, 0xa0 Denial-of-Service Reference CVE-2020-8871: PRIVILEGE ESCALATION IN PARALLELS DESKTOP VIA VGA DEVICE

References

NVD-CWE-noinfohttps://security.gentoo.org/glsa/202101-15https://www.oracle.com/security-alerts/cpujan2021.htmlhttps://nvd.nist.govhttps://github.com/dlehgus1023/VirtualBox_IO-Fuzzhttps://security.archlinux.org/CVE-2021-2086
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgeryCVE-2024-34351CVE-2024-1076CVE-2024-25522CVE-2024-34547CVE-2024-4644unauthorizedremoteCVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook