PoC for CVE-2024-21111 in VirtualBox

Oracle VirtualBox prior to 7.0.16 is vulnerable to local privilege escalation through symbolic link following, which leads to arbitrary file delete and arbitrary file move.

========================
 CVE ID: CVE-2024-21111 
========================

┌───[ 🔍 Vulnerability information ]
|
├ Published:   2024-04-16
├ Base Score:  7.8 (HIGH)
├ Vector:      CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
└ Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).
               Supported versions that are affected are Prior to 7.0.16. Easily exploitable
               vulnerability allows low privileged attacker with logon to the infrastructure where
               Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks
               of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This
               vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8
               (Confidentiality, Integrity and Availability impacts).  CVSS Vector:
               (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

┌───[ ♾️ Exploit Prediction Score (EPSS) ]
|
└ EPSS Score:  0.04% Probability of exploitation.

┌───[ 🛡️ CISA KEV Catalog ]
|
└ Listed:      No

┌───[ ⚛️ Nuclei Template ]
|
└ Template:    No

┌───[ 💣 GitHub Exploits / PoC ]
|
├ Name:        CVE-2024-21111
├ Date:        2024-04-22
└ URL:         https://github.com/mansk1es/CVE-2024-21111

┌───[ 💥 VulnCheck Exploits / PoC ]
|
└ ❌ API key for VulnCheck is not configured correctly.

┌───[ 👾 Exploit-DB Exploits / PoC ]
|
└ ✅ https://github.com/mansk1es/CVE-2024-21111

┌───[ ⚠️ Patching Priority Rating for CVE-2024-21111 ]
|
└ Priority:     A+

┌───[ 📚 Further References ]
|
└ URL: https://www.oracle.com/security-alerts/cpuapr2024.html

VirtualBox attempts to move its log files as NT AUTHORITY\SYSTEM inside C:\ProgramData\VirtualBox (a directory that all users can write to) in order to back them up under an ordinal, keeping a maximum of 10 logs. VirtualBox will also try to delete the 11th log as NT AUTHORITY\SYSTEM, which exposes it to 2 bugs that lead to privilege escalation. Finding this bug was very interesting.
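For defenders, the two conditions described above (a log directory writable by ordinary users, and links planted inside it) can be audited on a Windows host. The script below is an added example, not code from the original post or from the PoC repository; the function names and the list of SIDs treated as privileged are choices made for this example.

```powershell
# Added example: defensive audit of the log directory named in the post.
# Assumption: the default path from the post; pass -LogDir if the host differs.
param([string]$LogDir = 'C:\ProgramData\VirtualBox')

# SIDs treated as already privileged: SYSTEM, Administrators, TrustedInstaller.
$privileged = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)
# Specific rights that allow creating, replacing or deleting directory entries.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, DeleteSubdirectoriesAndFiles, Delete'
# GENERIC_WRITE | GENERIC_ALL, which can appear undecoded in inherit-only ACEs.
$genericMask = 0x50000000

function Get-LowPrivWriteAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $privileged -notcontains $_.IdentityReference.Value -and
            (([int]$_.FileSystemRights) -band ($writeMask -bor $genericMask))
        } |
        Select-Object @{n = 'Sid'; e = { $_.IdentityReference.Value } }, FileSystemRights, IsInherited
}

function Get-ReparsePoint {
    param([string]$Path)
    # The directory itself plus its direct children; no recursion, so links are not followed.
    $items = @(Get-Item -LiteralPath $Path -Force) + @(Get-ChildItem -LiteralPath $Path -Force)
    $items | Where-Object { $_.Attributes -band [System.IO.FileAttributes]::ReparsePoint } |
        Select-Object FullName, LinkType, Target
}

if (-not (Test-Path -LiteralPath $LogDir -PathType Container)) {
    Write-Output "$LogDir not found; nothing to audit."
    return
}
Write-Output "Write-capable ACEs for non-privileged principals on ${LogDir}:"
Get-LowPrivWriteAce -Path $LogDir | Format-Table -AutoSize
Write-Output "Reparse points (junctions or symbolic links) in ${LogDir}:"
Get-ReparsePoint -Path $LogDir | Format-Table -AutoSize
```

Any reparse point reported inside this directory deserves investigation, and the lasting fix remains upgrading to VirtualBox 7.0.16 or later.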

Official GitHub
