CVERadar

CVE-2024-21115

Severity: High
SVRS: 40/100
CVSSv3: 8.8/10
EPSS: 0.00104

CVE-2024-21115 is a high-severity vulnerability in Oracle VM VirtualBox. It affects versions prior to 7.0.16 and allows an attacker who already has low-privileged local access to take complete control of the VirtualBox environment. Although the CVSS score is 8.8, SOCRadar's Vulnerability Risk Score (SVRS) is 40, indicating moderate real-world risk despite the technical severity. Successful exploitation can lead to a complete takeover of Oracle VM VirtualBox, with high impact on confidentiality, integrity, and availability. Even though the SVRS is not critical, the vulnerability's "In The Wild" status and the vendor advisory underscore the need for timely patching to prevent unauthorized access and maintain system security.

Tags: In The Wild, Vendor-advisory
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Published: 2024-04-16
Last updated: 2025-03-25
SOCRadar AI Insight

Description

CVE-2024-21115 is a critical vulnerability in Oracle VM VirtualBox that allows low-privileged attackers to compromise the software. The vulnerability has a CVSS score of 8.8 and an SVRS of 56, indicating a high level of urgency and severity.

Key Insights

  • Exploitation in the Wild: The vulnerability is flagged as exploited in the wild, making it a significant threat to organizations using Oracle VM VirtualBox.
  • High Impact: Successful exploitation can lead to the takeover of Oracle VM VirtualBox, potentially compromising sensitive data and disrupting operations.
  • Low Attack Complexity: The CVSS vector rates attack complexity as low (AC:L), but exploitation requires local access with low privileges (AV:L, PR:L); once those conditions are met, the vulnerability is straightforward to exploit.
  • Wide Scope: The vulnerability affects all supported versions of Oracle VM VirtualBox prior to 7.0.16.

Mitigation Strategies

  • Update Software: Install the latest security updates from Oracle to patch the vulnerability.
  • Restrict Access: Limit access to Oracle VM VirtualBox to authorized users only.
  • Implement Network Segmentation: Isolate Oracle VM VirtualBox from other critical systems to prevent lateral movement in case of a breach.
  • Monitor for Suspicious Activity: Regularly monitor logs and network traffic for any signs of suspicious activity that may indicate exploitation attempts.

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about this vulnerability, urging organizations to take immediate action.
  • Exploit Status: Active exploits have been published for this vulnerability.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

1.747 (2024-09-27)
Newly Added (2): Security Vulnerabilities Fixed in Foxit PDF Reader 2024.3; Security Vulnerabilities Fixed in Foxit PDF Editor 2024.3. Modified (187): Oracle VirtualBox CVE-2008-3431 Weak Authentication Vulnerability ...
Tags: cve-2021-35540, cve-2023-21987, cve-2023-21998, cve-2021-2286

CVE-2024-21115: An Oracle VirtualBox LPE Used to Win Pwn2Own
Guest Blogger, 2024-05-09
In this guest blog from Pwn2Own winner Cody Gallagher, he details CVE-2024-21115, an Out-of-Bounds (OOB) Write in Oracle VirtualBox that can be leveraged for privilege escalation. This bug was recently patched by Oracle in April. Cody has graciously provided this detailed write-up of the vulnerability and how he exploited it at the contest.
Tags: cve-2024-21115

ZDI-24-413: (Pwn2Own) Oracle VirtualBox DevVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability
2024-04-26
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-21115.
Tags: cve-2024-21115, information technology, privilege escalation

Social Media

  • Discover the intricate details of CVE-2024-21115 from @TrendMicro's @thezdi, a critical Out-of-Bounds Write #vulnerability in Oracle VirtualBox, explained by #Pwn2Own champion Cody Gallagher. This bug was patched this April by #Oracle. https://t.co/HOYtm2d7kT
  • Technical Details Released for CVE-2024-21115 Vulnerability Reported in VM VirtualBox https://t.co/DBB3ZF5rsj
  • Technical details have emerged about the CVE-2024-21115 (CVSS 8.8) flaw, which has been discovered in Oracle VM #VirtualBox, a widely used product under #Oracle Virtualization. This flaw can lead to the complete takeover of the VirtualBox environment https://t.co/uJFrvAsGhB
  • 🗣 Technical Details Released for CVE-2024-21115 Vulnerability Reported in VM VirtualBox https://t.co/4n9pFlhYO5 #security #cybernews #cybersecurity #fridaysecurity #linkedin #twitter #telegram

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://www.oracle.com/security-alerts/cpuapr2024.html
ORACLE ADVISORY | https://www.oracle.com/security-alerts/cpuapr2024.html
AF854A3A-2127-422B-91AE-364DA2661108 | https://www.oracle.com/security-alerts/cpuapr2024.html
[email protected] | https://www.oracle.com/security-alerts/cpuapr2024.html
GITHUB | https://www.oracle.com/security-alerts/cpuapr2024.html

CWE Details

CWE ID | CWE Name | Description
CWE-284 | Improper Access Control | The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
