CVSS 3.1 Score 6.7 of 10 (medium)


Published Apr 16, 2024
Updated: Apr 17, 2024


CVE-2024-21107 is a vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization, specifically affecting versions prior to 7.0.16. This vulnerability can be easily exploited by a high privileged attacker with logon access to compromise Oracle VM VirtualBox on Windows hosts. Successful attacks on this vulnerability can lead to the takeover of Oracle VM VirtualBox. The CVSS 3.1 Base Score for this vulnerability is 6.7, indicating impacts on confidentiality, integrity, and availability. The base severity is rated as MEDIUM, and privileges required for exploitation are classified as HIGH, while user interaction is not required. The attack vector is considered LOCAL with high impact on integrity and confidentiality. The availability impact is also rated as HIGH. To remediate this vulnerability, organizations should update their Oracle VM VirtualBox installations to version 7.0.16 or later provided by Oracle Virtualization. Note: This summary has been compiled based on the information provided in the given text and does not include any additional external sources or analysis beyond the given data.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-21107 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options