What is CVE-2020-14699?

CVE-2020-14699 is a vulnerability in Oracle VirtualBox that allows a high privileged attacker to escalate privileges.

Which versions of Oracle VirtualBox are affected by CVE-2020-14699?

Versions prior to 5.2.44, prior to 6.0.24, and prior to 6.1.12 of Oracle VirtualBox are affected.

How can CVE-2020-14699 be exploited?

CVE-2020-14699 is a difficult to exploit vulnerability that requires the attacker to have logon access to the infrastructure where Oracle VirtualBox is installed.

What is the severity of CVE-2020-14699?

CVE-2020-14699 has a severity of 7.5 (high).

Where can I find more information about CVE-2020-14699?

More information about CVE-2020-14699 can be found in the references provided: [link1](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html), [link2](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html), [link3](https://security.gentoo.org/glsa/202101-09).

Vulnerability/
CVE-2020-14699

high

7.5

CWE

191

15/7/2020

4/8/2024

26/9/2024

CVE-2020-14699: Oracle VirtualBox e1000 Integer Underflow Privilege Escalation Vulnerability

First published: Wed Jul 15 2020(Updated: )

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the e1000 virtual network adapter. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor.

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
Oracle VM VirtualBox	<5.2.44
Oracle VM VirtualBox	>=6.0.0<6.0.24
Oracle VM VirtualBox	>=6.1.0<6.1.12
openSUSE Leap	=15.1
openSUSE Leap	=15.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-14699?
CVE-2020-14699 is a vulnerability in Oracle VirtualBox that allows a high privileged attacker to escalate privileges.
Which versions of Oracle VirtualBox are affected by CVE-2020-14699?
Versions prior to 5.2.44, prior to 6.0.24, and prior to 6.1.12 of Oracle VirtualBox are affected.
How can CVE-2020-14699 be exploited?
CVE-2020-14699 is a difficult to exploit vulnerability that requires the attacker to have logon access to the infrastructure where Oracle VirtualBox is installed.
What is the severity of CVE-2020-14699?
CVE-2020-14699 has a severity of 7.5 (high).
Where can I find more information about CVE-2020-14699?
More information about CVE-2020-14699 can be found in the references provided: [link1](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html), [link2](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html), [link3](https://security.gentoo.org/glsa/202101-09).

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/title
agent/author
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/description
agent/first-publish-date
agent/event
agent/tags
collector/zdi-advisory
source/ZDI
alias/ZDI-20-902
alias/ZDI-CAN-11138
alias/CVE-2020-14699
agent/software-canonical-lookup
vendor/oracle
canonical/oracle vm virtualbox
version/oracle vm virtualbox/6.0.0
version/oracle vm virtualbox/6.1.0
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.1
version/opensuse leap/15.2
canonical/oracle virtualbox