CVE-2021-2285

7.1 HIGH

📋 TL;DR

This vulnerability in Oracle VM VirtualBox allows an unauthenticated attacker with local access to the host system to access sensitive data from the VirtualBox application. It affects VirtualBox installations prior to version 6.1.20. The attacker must have logon access to the infrastructure where VirtualBox runs.

💻 Affected Systems

Products:
  • Oracle VM VirtualBox
Versions: Prior to 6.1.20
Operating Systems: All platforms running VirtualBox
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all VirtualBox installations on versions before 6.1.20. The attacker must have local access to the host system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete unauthorized access to all Oracle VM VirtualBox accessible data, potentially including sensitive virtual machine configurations, snapshots, and credentials.

🟠 Likely Case

Exfiltration of VirtualBox configuration files, virtual machine metadata, and potentially sensitive data stored in VirtualBox-managed resources.

🟢 If Mitigated

Limited impact if proper access controls restrict local user privileges and VirtualBox data is encrypted or stored with appropriate permissions.

🌐 Internet-Facing: LOW - This is a local vulnerability that requires attacker access to the host system.
🏢 Internal Only: MEDIUM - Internal users with local access to VirtualBox hosts could exploit this to access sensitive virtualization data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

CVSS indicates 'easily exploitable' but requires local access. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.1.20 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpuapr2021.html

Restart Required: Yes

Instructions:

1. Download VirtualBox 6.1.20 or later from the Oracle website.
2. Uninstall the current VirtualBox version.
3. Install the updated version.
4. Restart the host system.

🔧 Temporary Workarounds

Restrict local user access (platform: all)

Limit which users have local access to VirtualBox host systems

Apply strict file permissions (platform: linux)

Set restrictive permissions on VirtualBox configuration and data directories

chmod 700 ~/.VirtualBox
chmod 700 /etc/vbox

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can log into VirtualBox host systems
  • Monitor VirtualBox data directories for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Run VBoxManage --version on the host. Any version prior to 6.1.20 is vulnerable.

Check Version:

VBoxManage --version

Verify Fix Applied:

Verify version is 6.1.20 or higher (the pattern also accepts three-digit patch levels and later major versions): VBoxManage --version | grep -E '^(6\.1\.([2-9][0-9]|[0-9]{3,})|6\.([2-9]|[1-9][0-9])\.|([7-9]|[1-9][0-9])\.)'
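
An added example (not part of the vendor advisory or of this page's original text): a shell helper that strips the revision and distribution suffix from VBoxManage --version output and compares the result numerically against the 6.1.20 fix, which is easier to audit across a fleet than a regex. The function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a "VBoxManage --version" string against the 6.1.20 fix.
FIXED_VERSION="6.1.20"

# Keep only major.minor.patch: "6.1.38_Ubuntur153438" -> "6.1.38".
# Prints nothing when the input does not start with a dotted triple.
vbox_normalize() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 if the version is >= FIXED_VERSION, 1 if older, 2 if unparseable.
vbox_is_patched() {
    ver=$(vbox_normalize "$1")
    [ -n "$ver" ] || return 2
    old_ifs=$IFS; IFS=.
    set -- $ver $FIXED_VERSION      # $1.$2.$3 = installed, $4.$5.$6 = fixed
    IFS=$old_ifs
    for pair in "$1:$4" "$2:$5" "$3:$6"; do
        have=${pair%%:*}; want=${pair##*:}
        if [ "$have" -gt "$want" ]; then return 0; fi
        if [ "$have" -lt "$want" ]; then return 1; fi
    done
    return 0                        # exactly the fixed version
}

# Print "patched", "vulnerable" or "unknown" for a version string.
vbox_status() {
    rc=0
    vbox_is_patched "$1" || rc=$?
    case $rc in
        0) echo "patched" ;;
        1) echo "vulnerable" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample strings in the formats VBoxManage prints.
# On a real host: vbox_status "$(VBoxManage --version)"
for sample in "6.1.18r142142" "6.1.20r143896" "6.1.38_Ubuntur153438" \
              "7.0.14r161095" "not-a-version"; do
    printf '%-24s %s\n' "$sample" "$(vbox_status "$sample")"
done
```

Treat an "unknown" result as a host to inspect manually rather than as patched.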

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to VirtualBox configuration files
  • Unusual file access patterns in VirtualBox directories

Network Indicators:

  • N/A - Local vulnerability

SIEM Query:

source="VirtualBox" AND (event_type="file_access" OR event_type="permission_denied") AND target_path="*VirtualBox*"
