CVE-2020-14712 : Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N).

Published 2020-07-15 18:15:35

Updated 2021-02-16 23:57:25

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2020-14712

Oracle » Vm Virtualbox
Versions from including (>=) 6.1.0 and before (<) 6.1.12
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
Matching versions
Oracle » Vm Virtualbox
Versions from including (>=) 6.0.0 and before (<) 6.0.24
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
Matching versions
Oracle » Vm Virtualbox
Versions before (<) 5.2.44
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.2
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-14712

EPSS FAQ

0.31%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 51 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-14712

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.9	LOW	AV:L/AC:M/Au:N/C:N/I:P/A:N	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N	1.3	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: High Availability: None
5.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N	1.3	3.6	Oracle
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: High Availability: None

References for CVE-2020-14712

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html

[security-announce] openSUSE-SU-2020:1511-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujul2020.html

Oracle Critical Patch Update Advisory - July 2020
Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html

[security-announce] openSUSE-SU-2020:1486-1: moderate: Security update f
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202101-09

VirtualBox: Multiple vulnerabilities (GLSA 202101-09) — Gentoo security
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-14712

Products affected by CVE-2020-14712

Exploit prediction scoring system (EPSS) score for CVE-2020-14712

CVSS scores for CVE-2020-14712

References for CVE-2020-14712