Oracle VM VirtualBox 5.1.x < 5.1.24 (July 2017 CPU)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote host is affected by multiple
vulnerabilities.

Description :

The version of Oracle VM VirtualBox installed on the remote host is
5.1.x prior to 5.1.24. It is, therefore, affected by multiple
vulnerabilities :

- Multiple unspecified vulnerabilities exist in the Core
component that allow a local attacker to have an impact
on confidentiality, integrity, and availability.
(CVE-2017-10129, CVE-2017-10204, CVE-2017-10210,
CVE-2017-10236, CVE-2017-10237, CVE-2017-10238,
CVE-2017-10239, CVE-2017-10240, CVE-2017-10241,
CVE-2017-10242)

- Multiple unspecified vulnerabilities exist in the Core
component that allow a local attacker to have an impact
on integrity and availability. (CVE-2017-10187,
CVE-2017-10233, CVE-2017-10235)

- An unspecified vulnerability exists in the Core
component that allows a local attacker to have an impact
on confidentiality and availability. (CVE-2017-10209)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?76f5def7
https://www.virtualbox.org/wiki/Changelog
http://www.nessus.org/u?f571fd26

Solution :

Upgrade to Oracle VM VirtualBox version 5.1.24 or later as
referenced in the July 2017 Oracle Critical Patch Update advisory.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true