CVE-2016-0678

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core.

CVSS v3 6.7 MEDIUM
CVSS v2.0 4.1 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 2.7 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2016-05/msg00130.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00002.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	Vendor Advisory
http://www.securitytracker.com/id/1035607

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:vm_virtualbox:5.0.18:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-04-21 10:59

Updated : 2024-02-28 15:21

NVD link : CVE-2016-0678

Mitre link : CVE-2016-0678

CVE.ORG link : CVE-2016-0678

JSON object : View

Products Affected

oracle

vm_virtualbox

CWE

NVD-CWE-noinfo

{"id": "CVE-2016-0678", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 2.7, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2016-04-21T10:59:40.290", "references": [{"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00130.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00002.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1035607", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Oracle VM VirtualBox en Oracle Virtualization VirtualBox en versiones anteriores a 5.0.18 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores relacionados con Core."}], "lastModified": "2016-12-03T03:17:13.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:vm_virtualbox:5.0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B75BD63-489F-4634-A3FF-AAAEDE265B8D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}