CVE-2024-21107

Summary

CVE-2024-21107 is a vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization, specifically affecting versions prior to 7.0.16. This vulnerability can be easily exploited by a high privileged attacker with logon access to compromise Oracle VM VirtualBox on Windows hosts. Successful attacks on this vulnerability can lead to the takeover of Oracle VM VirtualBox. The CVSS 3.1 Base Score for this vulnerability is 6.7, indicating impacts on confidentiality, integrity, and availability. The base severity is rated as MEDIUM, and privileges required for exploitation are classified as HIGH, while user interaction is not required. The attack vector is considered LOCAL with high impact on integrity and confidentiality. The availability impact is also rated as HIGH. To remediate this vulnerability, organizations should update their Oracle VM VirtualBox installations to version 7.0.16 or later provided by Oracle Virtualization. Note: This summary has been compiled based on the information provided in the given text and does not include any additional external sources or analysis beyond the given data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.