CVE-2023-21889 LOW

CVE-2023-21889

Vendor Oracle Corporation

Product VM VirtualBox

Published January 17, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

3.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Key dates

02Disclosure timeline

January 17, 2023 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-21889

Identifiers

CVE CVE-2023-21889

CVSS 3.8 / LOW

Affected versions

Vendor Oracle Corporation

Product VM VirtualBox

Affected < 6.1.42

Vendor Oracle Corporation

Product VM VirtualBox

Affected < 7.0.6