CVE-2014-2487

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-4261.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://seclists.org/fulldisclosure/2014/Dec/23	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Vendor Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded	Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:oracle:vm_virtualbox::::::::
	cpe:2.3:a:oracle:vm_virtualbox::::::::
	cpe:2.3:a:oracle:vm_virtualbox::::::::
	cpe:2.3:a:oracle:vm_virtualbox::::::::
	cpe:2.3:a:oracle:vm_virtualbox::::::::

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-07-17 05:10

Updated : 2023-12-10 11:31

NVD link : CVE-2014-2487

Mitre link : CVE-2014-2487

CVE.ORG link : CVE-2014-2487

JSON object : View

Products Affected

microsoft

windows

oracle

vm_virtualbox

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-2487", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-07-17T05:10:14.843", "references": [{"url": "http://seclists.org/fulldisclosure/2014/Dec/23", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-4261."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Oracle VM VirtualBox en Oracle Virtualization VirtualBox anterior a 3.2.24, 4.0.26, 4.1.34, 4.2.26, y 4.3.14, cuando funciona en Windows, permite a usuarios locales afectar la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos relacionados con Core, una vulnerabilidad diferente a CVE-2014-4261."}], "lastModified": "2018-12-13T18:25:50.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "696393D4-FC52-44E9-ACC9-7D889BB29045", "versionEndExcluding": "3.2.24", "versionStartIncluding": "3.2.0"}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD32DF2E-8FB0-4C36-8505-FC7D3FF29201", "versionEndExcluding": "4.0.26", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57C35230-9C03-4D14-AD7B-A4D67A50F48F", "versionEndExcluding": "4.1.34", "versionStartIncluding": "4.1.0"}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5CDCA84-7AD7-443A-9625-6B78C507DD58", "versionEndExcluding": "4.2.26", "versionStartIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5FD327E-951E-4A0D-A957-1BB05BD749B0", "versionEndExcluding": "4.3.14", "versionStartIncluding": "4.3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}], "evaluatorComment": "Per: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\n\n\"Applies only when VirtualBox is running on a Windows host operating system.\"", "sourceIdentifier": "secalert_us@oracle.com"}