CVE-2014-6588

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.

CVSS v2.0 3.2 LOW

3.2^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 3.1 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Vendor Advisory
https://security.gentoo.org/glsa/201612-27

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration 2 (hide)

cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-01-21 15:28

Updated : 2023-12-10 11:31

NVD link : CVE-2014-6588

Mitre link : CVE-2014-6588

CVE.ORG link : CVE-2014-6588

JSON object : View

Products Affected

oracle

vm_virtualbox

opensuse

opensuse

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-6588", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-01-21T15:28:25.307", "references": [{"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://security.gentoo.org/glsa/201612-27", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Oracle VM VirtualBox en Oracle Virtualization VirtualBox anterior a 4.3.20 permite a usuarios locales afectar la integridad y disponibilidad a trav\u00e9s de vectores relacionados a VMSVGA dispositivos virtuales gr\u00e1ficos, una vulnerabilidad diferente a CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427."}], "lastModified": "2018-10-30T16:27:35.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EBCE5E7-2E46-4EEE-BDFD-D0451BE88F12", "versionEndIncluding": "4.3.18"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}