New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 7.3
SynopsisAn application installed on the remote host is affected by multiple vulnerabilities.
DescriptionThe version of Oracle VM VirtualBox installed on the remote host is 5.0.x prior to 5.0.32 or 5.1.x prior to 5.1.14. It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the GUI subcomponent that allows an unauthenticated, remote attacker to impact confidentiality, integrity, and availability.
- An unspecified flaw exists in the Shared Folder subcomponent that allows a local attacker to impact integrity and availability. (CVE-2017-3290)
- An unspecified flaw exists in the GUI subcomponent that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2017-3316)
- An unspecified flaw exists in the VirtualBox SVGA Emulation subcomponent that allows a local attacker to impact integrity and availability. (CVE-2017-3332)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Oracle VM VirtualBox version 5.0.32 / 5.1.14 or later as referenced in the January 2017 Oracle Critical Patch Update advisory.