CVE-2024-21112

8.8 HIGH

📋 TL;DR

This vulnerability in Oracle VM VirtualBox allows a low-privileged attacker with local access to the host system to compromise VirtualBox, potentially leading to full system takeover. It affects VirtualBox versions prior to 7.0.16. The attack can impact additional products beyond VirtualBox itself due to scope change.

💻 Affected Systems

Products:
  • Oracle VM VirtualBox
Versions: All versions prior to 7.0.16
Operating Systems: Windows, Linux, macOS, Solaris
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all supported platforms where VirtualBox is installed. Requires the attacker to have local access to the host system.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the VirtualBox host system, allowing an attacker to execute arbitrary code, access all virtual machines, and potentially pivot to other systems.

🟠

Likely Case

The attacker gains full control over VirtualBox, can access, modify or delete virtual machines, and can potentially escalate privileges on the host system.

🟢

If Mitigated

Limited impact if proper access controls and network segmentation are in place, but VirtualBox functionality would still be compromised.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring attacker access to the host system.
🏢 Internal Only: HIGH - Any internal user with low privileges on a system running vulnerable VirtualBox can exploit this to gain full control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Oracle describes the vulnerability as 'easily exploitable'; it requires only low privileges on the host. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0.16 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpuapr2024.html

Restart Required: Yes

Instructions:

1. Download VirtualBox 7.0.16 or later from the Oracle website.
2. Uninstall the current VirtualBox version.
3. Install the updated version.
4. Restart the host system.

🔧 Temporary Workarounds

Restrict VirtualBox Access (all platforms)

Limit user access to systems running VirtualBox to authorized administrators only.

Network Segmentation (all platforms)

Isolate VirtualBox hosts from critical network segments.

🧯 If You Can't Patch

  • Remove VirtualBox from non-essential systems
  • Implement strict access controls and monitor for suspicious activity on VirtualBox hosts

🔍 How to Verify

Check if Vulnerable:

Check the installed VirtualBox version. On Windows, run 'VBoxManage --version' from the VirtualBox installation directory (the installer does not add VBoxManage.exe to PATH by default). On Linux/macOS, run 'VBoxManage --version', or open the About dialog in the GUI.

Check Version:

VBoxManage --version

Verify Fix Applied:

Verify version is 7.0.16 or higher using the same commands
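The version comparison above is easy to get wrong by hand (7.0.9 sorts after 7.0.16 as a string, and VBoxManage appends a build suffix such as r123456). The following POSIX shell script is an added example, not part of the advisory or of VirtualBox itself: it strips the build suffix, compares the dotted version numerically against the fixed release 7.0.16, and reports "vulnerable" or "fixed". It assumes VBoxManage is on PATH when it checks the live host; the version strings in the usage comments are constructed samples.

```shell
#!/bin/sh
# Added example (not from the advisory): is the installed VirtualBox below
# the fixed release 7.0.16 for CVE-2024-21112?
# Assumes VBoxManage is on PATH when check_host is used.

FIXED_VERSION="7.0.16"

# numeric_component STRING N -> N-th dot-separated component as a number.
# Missing components count as 0, so "7.0" compares like "7.0.0".
numeric_component() {
    printf '%s\n' "$1" | awk -F. -v n="$2" '{ print $n + 0 }'
}

# version_lt A B -> exit status 0 when A is strictly lower than B.
# VBoxManage --version appends a build suffix ("r<build>", "_Ubuntur<build>");
# everything from the first character that is not a digit or dot is dropped.
version_lt() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*$//')
    i=1
    while [ "$i" -le 3 ]; do
        x=$(numeric_component "$a" "$i")
        y=$(numeric_component "$b" "$i")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1   # versions are equal: not lower
}

# assess_version VERSION -> prints "vulnerable" (below 7.0.16) or "fixed".
assess_version() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# check_host -> queries VBoxManage on this machine and prints a verdict.
# Exit status 2 means VBoxManage could not be run, so nothing can be concluded.
check_host() {
    if ! command -v VBoxManage >/dev/null 2>&1; then
        echo "VBoxManage not found on PATH; is VirtualBox installed?"
        return 2
    fi
    v=$(VBoxManage --version 2>/dev/null) || { echo "VBoxManage --version failed"; return 2; }
    echo "VirtualBox $v: $(assess_version "$v")"
}

# Usage (constructed sample strings):
#   assess_version 7.0.14r100001   -> vulnerable
#   assess_version 7.0.16r100002   -> fixed
# Uncomment to check the local host:
# check_host
```

On a fleet, run `check_host` through your configuration-management or EDR tooling and alert on any "vulnerable" verdict; the numeric comparison also handles future 7.1.x and later releases correctly.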

📡 Detection & Monitoring

Log Indicators:

  • Unusual VirtualBox process activity
  • Unexpected VirtualBox service restarts
  • Suspicious user privilege escalation attempts

Network Indicators:

  • Unusual network traffic from VirtualBox host
  • Unexpected connections between virtual machines

SIEM Query (pseudo-query; adapt the field names to your log source, and keep the parentheses so that the process-name match is only combined with the behavioural flag):

source="VirtualBox" AND (event_type="privilege_escalation" OR (process_name="VBox*" AND suspicious_behavior))
