CVE-2016-5545 : Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (su

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).

Published 2017-01-27 22:59:00

Updated 2019-03-04 17:55:03

Source Oracle

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-5545

Oracle » Vm Virtualbox
Versions from including (>=) 5.0.0 and before (<) 5.0.32
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
Matching versions
Oracle » Vm Virtualbox
Versions from including (>=) 5.1.0 and before (<) 5.1.14
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-5545

EPSS FAQ

0.57%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-5545

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L	2.8	3.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

CWE ids for CVE-2016-5545

CWE-254

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-5545

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Oracle Critical Patch Update - January 2017
Patch;Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1037638

Oracle Virtualization Lets Remote and Local Users Access and Modify Data and Deny Service, Local Users Modify Data, and Remote Authenticated Users Gain Elevated Privileges - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securityfocus.com/bid/95590

Oracle VM VirtualBox CVE-2016-5545 Remote Security Vulnerability
Third Party Advisory;VDB Entry
https://security.gentoo.org/glsa/201702-08

VirtualBox: Multiple vulnerabilities (GLSA 201702-08) — Gentoo security
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-5545

Products affected by CVE-2016-5545

Exploit prediction scoring system (EPSS) score for CVE-2016-5545

CVSS scores for CVE-2016-5545

CWE ids for CVE-2016-5545

References for CVE-2016-5545