CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-21111

High Severity
SVRS
50/100
CVSSv3
7.8/10
EPSS
0.01513/1

CVE-2024-21111 is a critical vulnerability in Oracle VM VirtualBox, specifically affecting Windows hosts. This Oracle Virtualization flaw allows a low-privileged attacker, with local access, to potentially take complete control of the VirtualBox application. Despite the CVSS score of 7.8 indicating high severity, the SOCRadar Vulnerability Risk Score (SVRS) of 50 suggests a medium level of immediate risk. This is because current threat intelligence indicates the vulnerability is not widely exploited, though it is tagged as "In The Wild". Successful exploitation could lead to full compromise of the VirtualBox instance, impacting confidentiality, integrity, and availability. Users of Oracle VM VirtualBox on Windows hosts should prioritize patching to version 7.0.16 or later.

TAGS
In The Wild
Vendor-advisory
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:L
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2024-04-16
LAST MODIFIED2025-03-27
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-21111 is a critical vulnerability in Oracle VM VirtualBox that allows low-privileged attackers to compromise the software. The vulnerability has a CVSS score of 7.8 and an SVRS of 46, indicating a high level of urgency and severity.

Key Insights

  • Exploitation in the Wild: This vulnerability is actively exploited by hackers, making it crucial for organizations to take immediate action.
  • High Impact: Successful exploitation can lead to the takeover of Oracle VM VirtualBox, potentially compromising sensitive data and disrupting operations.
  • Windows-Specific: This vulnerability affects only Windows hosts, highlighting the need for targeted mitigation strategies for these systems.
  • Low Attack Complexity: The vulnerability can be easily exploited by attackers with low privileges, increasing the risk of compromise.

Mitigation Strategies

  • Apply Software Updates: Install the latest security updates from Oracle to patch the vulnerability.
  • Restrict Access: Limit access to Oracle VM VirtualBox to authorized users only.
  • Implement Network Segmentation: Isolate Oracle VM VirtualBox from other critical systems to minimize the impact of a potential compromise.
  • Monitor for Suspicious Activity: Regularly monitor logs and security alerts for any signs of suspicious activity related to this vulnerability.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-21111 – Local Privilege Escalation in Oracle VirtualBox
Admin2025-04-01
CVE-2024-21111 – Local Privilege Escalation in Oracle VirtualBox | VirtualBox is a popular open source, cross-platform, virtualization software developed by Oracle Corporation. Earlier this year we identified an arbitrary file move vulnerability in the VirtualBox system service service that... The post CVE-2024-21111 – Local Privilege Escalation in Oracle VirtualBox appeared first on MDSec.VirtualBox is a popular open source, cross-platform, virtualization software
mdsec.co.uk
rss
forum
news
1.747
2024-09-27
1.747 | Newly Added (2)Security Vulnerabilities Fixed in Foxit PDF Reader 2024.3Security Vulnerabilities Fixed in Foxit PDF Editor 2024.3Modified (187)Oracle VirtualBox CVE-2008-3431 Weak Authentication Vulnerability<
cve-2021-35540
cve-2023-21987
cve-2023-21998
cve-2021-2286
PoC Exploit Released For Critical Oracle VirtualBox Vulnerability
Eswar2024-04-23
PoC Exploit Released For Critical Oracle VirtualBox Vulnerability | Oracle Virtualbox was identified and reported as having a critical vulnerability associated with Privilege Escalation and Arbitrary File Move/Delete. This vulnerability was assigned with CVE-2024-21111, and the severity was 7.8 (High). However, Oracle has acted swiftly upon the report and has patched the vulnerability accordingly. Following that, Oracle also released a security advisory to address [&#8230;] The post PoC Exploit Released For Critical Oracle VirtualBox Vulnerability appeared first on
gbhackers.com
rss
forum
news

Social Media

🚨Ya están disponibles Pruebas de Concepto (PoC) para la reciente vulnerabilidad en versiones anteriores a la 7.0.16 de Oracle VirtualBox (CVE-2024-21111) 👇🏽👇🏽 🔗 https://t.co/TUADqdnlyP
0
1
0
🚨Ya están disponibles Pruebas de Concepto (PoC) para la reciente vulnerabilidad en versiones anterioes a la 7.0.16 de Oracle VirtualBox (CVE-2024-21111) 👇🏽👇🏽 🔗 https://t.co/M8nZkViEbP
0
0
0
🚨#POC🚨PoC that exploits Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) #Vulnerability CVE-2024-21111. #DarkWebInformer #Cybercrime #Cybersecurity #Infosec #Intelligence #CVE202421111 #Exploit "Oracle VirtualBox Prior to 7.0.16 is vulnerable to Local… https://t.co/YAifZ0wVdq
1
1
7
⚠️Se recomienda a los usuarios de Oracle VirtualBox en sistemas Windows, actualizar a la versión 7.0.16 o superior, para mitigar grave vulnerabilidad identificada como CVE-2024-21111 ℹ️Mas info en: https://t.co/wL4nvxFawM https://t.co/mO1CPqLwI1
0
0
0
RT @ptracesecurity: CVE-2024-21111 – Local Privilege Escalation in Oracle VirtualBox https://t.co/BWQCzd9GUD #Pentesting #CyberSecurity #In… iocs: https://www.mdsec.co.uk/2024/04/cve-2024-21111-local-privilege-escalation-in-oracle-virtualbox/
0
19
0
CVE-2024-21111 – Local Privilege Escalation in Oracle VirtualBox https://t.co/BWQCzd9GUD #Pentesting #CyberSecurity #Infosec https://t.co/kNxKBQdpCI
0
0
2
A critical #PrivilegeEscalation #vulnerability in Oracle VirtualBox (CVE-2024-21111) can be abused by attackers to elevate privileges on a compromised host leading to a system takeover. Detect exploitation attempts with a new #Sigma rule from SOC Prime. https://t.co/lNiLJ0fgyl
0
0
0
GitHub Trending Archive, 24 Apr 2024, C++. SasaKaranovic/winfidel-sensor, mansk1es/CVE-2024-21111, pytorch/executorch, MAZHARMIK/Interview_DS_Algo, microsoft/proxy, AngusJohnson/Clipper2, alexbatalov/fallout2-ce, alexbatalov/fallout1-ce, lammps/lammps https://t.co/GzoxMo08aN++
0
0
0
CVE-2024-21111 - Local Privilege Escalation in Oracle VirtualBox - MDSec https://t.co/FEwfx9O1DQ
0
0
0
RT @MDSecLabs: New post on the blog… Exploiting CVE-2024-21111 : Local Privilege Escalation in Oracle VirtualBox by @filip_dragovic https:/…
0
40
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://www.oracle.com/security-alerts/cpuapr2024.html
GITHUBhttps://www.oracle.com/security-alerts/cpuapr2024.html
ORACLE ADVISORYhttps://www.oracle.com/security-alerts/cpuapr2024.html
AF854A3A-2127-422B-91AE-364DA2661108https://www.oracle.com/security-alerts/cpuapr2024.html
[email protected]https://www.oracle.com/security-alerts/cpuapr2024.html

CWE Details

CWE IDCWE NameDescription
CWE-269Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence