{"id":131185,"date":"2021-11-24T19:24:10","date_gmt":"2021-11-25T03:24:10","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2021\/11\/researchers-detail-privilege-escalation-bugs-reported-in-oracle-virtualbox"},"modified":"2021-11-24T19:24:10","modified_gmt":"2021-11-25T03:24:10","slug":"researchers-detail-privilege-escalation-bugs-reported-in-oracle-virtualbox","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2021\/11\/researchers-detail-privilege-escalation-bugs-reported-in-oracle-virtualbox","title":{"rendered":"Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox"},"content":{"rendered":"<p style=\"padding-right: 20px\"><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/researchers-detail-privilege-escalation-bugs-reported-in-oracle-virtualbox2.jpg\"><\/a><\/p>\n<p>A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition.<\/p>\n<p>\u201cEasily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox,\u201d the advisory <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-2442\" rel=\"noopener\" target=\"_blank\">reads<\/a>. \u201cSuccessful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of Oracle VM VirtualBox\u201d<\/p>\n<p>Tracked as <a href=\"https:\/\/www.sentinelone.com\/labs\/gsoh-no-hunting-for-vulnerabilities-in-virtualbox-network-offloads\" rel=\"noopener\" target=\"_blank\">CVE-2021\u20132442<\/a> (CVSS score: 6.0), the flaw affects all versions of the product prior to 6.1.24. <a href=\"https:\/\/www.sentinelone.com\/labs\/gsoh-no-hunting-for-vulnerabilities-in-virtualbox-network-offloads\/\" rel='noopener' target=\"_blank\">SentinelLabs<\/a> researcher Max Van Amerongen has been credited with discovering and reporting the issue, following which <a href=\"https:\/\/www.oracle.com\/security-alerts\/cpujul2021.html\" rel=\"noopener\" target=\"_blank\">fixes have been rolled out<\/a> by Oracle as part of its Critical Patch Update for July 2021.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition. \u201cEasily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox,\u201d the advisory reads. \u201cSuccessful attacks of this vulnerability can [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"class_list":["post-131185","post","type-post","status-publish","format-standard","hentry","category-futurism"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/131185","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=131185"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/131185\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=131185"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=131185"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=131185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}