VU#981544 - CVE-2018-3639 - Oracle VirtualBox: Privilege Escalation Vulnerability in VirtualBox Extension Pack (FLEX) (RedHat) (CVE-2018-3639). This vulnerability allows attackers to escalate privileges on Red Hat systems where Oracle VM VirtualBox is installed via an untrusted extension pack. Successful exploitation of this vulnerability may result in an attacker with elevated privileges having access to sensitive information or be able to cause a denial-of-service condition on the system. CVSS 3.0 Base Score 5.9 (Availability impacts). VU#981544 - CVE-2018-3639 - Oracle VirtualBox: Privilege Escalation Vulnerability in VirtualBox Extension Pack (FLEX) (RedHat). This vulnerability allows attackers to escalate privileges on Red Hat systems where Oracle VM VirtualBox is installed via an untrusted extension pack. Successful exploitation of this vulnerability may result in an attacker with elevated privileges having access to sensitive information or be able to cause a denial-of-service condition on the system. CVSS 3.0 Base Score 5.9 (Availability impacts). VU#981544 - CVE-2018-3639 - Oracle VirtualBox: Privilege Escalation Vulnerability in VirtualBox Extension Pack (FLEX) (RedHat). This vulnerability allows attackers to escalate privileges on Red Hat systems where Oracle VM VirtualBox is installed via an untrusted extension pack
Oracle VM VirtualBox CVEs
Oracle VirtualBox is an x86 virtualization application that provides users with the ability to create and run multiple guest operating systems in a single system. This allows organizations to consolidate their physical servers and share computing resources, reducing overall costs. Oracle VM VirtualBox also allows for organizations to manage, maintain, and update each guest operating system as needed.
This vulnerability occurs when a user does not have the appropriate level of access to install or upgrade extensions on Red Hat systems where Oracle VM VirtualBox is installed. An attacker can leverage this vulnerability by adding a malicious extension pack from the Internet that has been crafted to exploit the vulnerability, resulting in privilege escalation.
Timeline
Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/20/2022 05:33:00 UTC