| VID |
50374 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of VirtualBox installed on the remote host is prior to 6.1.28. It is, therefore, affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory:
- An easily exploitable vulnerability in the core component of Oracle VirtualBox that allows a highly privileged, authenticated attacker to impact confidentiality and availability. (CVE-2021-35545)
- An easily exploitable vulnerability in the core component of Oracle VirtualBox that allows a low privileged, authenticated attacker to impact availability. (CVE-2021-35540)
- An easily exploitable vulnerability in the core component of Oracle VirtualBox that allows a high privileged, authenticated attacker to compromise availability. (CVE-2021-35542)
* References:
https://www.oracle.com/a/tech/docs/cpuoct2021cvrf.xml
https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixOVIR
* Platforms Affected:
Oracle VirtualBox versions prior to 6.1.28
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version Oracle VirtualBox (6.1.28 or later) |
| Related URL |
CVE-2022-21967,CVE-2022-21975,CVE-2022-21977,CVE-2022-21990,CVE-2022-22010,CVE-2022-23253,CVE-2022-23278,CVE-2022-23281,CVE-2022-23283 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
