| VID |
50260 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Oracle VM VirtualBox running on the remote host is 6.0.x prior to 6.0.10. It is, therefore, affected by multiple vulnerabilities as noted in the July 2019 Critical Patch Update advisory:
- An unspecified vulnerabilities in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core), which could allow an authenticated, local attacker to takeover Oracle VM VirtualBox. (CVE-2019-2859, CVE-2019-2863, CVE-2019-2866, CVE-2019-2867)
- An unspecified vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core (OpenSSL)), which could allow an unauthenticated, remote attacker to create, delete of modify critical data Oracle VM VirtualBox. (CVE-2019-1543)
- An unspecified vulnerabilities in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core), which could allow an authenticated, local attacker to cause a hang or repeatable crach (DoS) of Oracle VM VirtualBox. (CVE-2019-2848, CVE-2019-2873, CVE-2019-2874, CVE-2019-2875, CVE-2019-2876, CVE-2019-2877)
* References:
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixOVIR
https://www.virtualbox.org/wiki/Changelog
* Platforms Affected:
Oracle VirtualBox versions prior to 6.0.10
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version Oracle VirtualBox (6.0.10 or later) |
| Related URL |
CVE-2019-2859,CVE-2019-2867,CVE-2019-2866,CVE-2019-2864,CVE-2019-2865,CVE-2019-1543,CVE-2019-2863,CVE-2019-2848,CVE-2019-2877 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
