CVE-2024-21109
First published: Tue Apr 16 2024(Updated: )
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle VM VirtualBox | <7.0.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-21109?
CVE-2024-21109 is considered a difficult-to-exploit vulnerability, but it can potentially allow unauthenticated network access to compromise Oracle VM VirtualBox.
How do I fix CVE-2024-21109?
To fix CVE-2024-21109, upgrade Oracle VM VirtualBox to version 7.0.16 or later.
Which versions of Oracle VM VirtualBox are affected by CVE-2024-21109?
CVE-2024-21109 affects all versions of Oracle VM VirtualBox prior to 7.0.16.
Who can exploit CVE-2024-21109?
CVE-2024-21109 can be exploited by unauthenticated attackers with network access via HTTP.
What component is vulnerable in CVE-2024-21109?
The vulnerable component in CVE-2024-21109 is the core of the Oracle VM VirtualBox product.
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/description
- agent/event
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/oracle
- canonical/oracle vm virtualbox