Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-14677

Date: July 15, 2020

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Severity Score

Related Resources (8)

https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14677
https://nvd.nist.gov/vuln/detail/CVE-2020-14677
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00079.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.zerodayinitiative.com/advisories/ZDI-20-893/
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html
https://security.gentoo.org/glsa/202101-09
https://www.mend.io/vulnerability-database/CVE-2020-14677

Severity Score

Weakness Type (CWE)

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-367

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): COMPLETE
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us