CVE-2024-21114

8.8 HIGH

📋 TL;DR

This vulnerability in Oracle VM VirtualBox allows a low-privileged attacker with local access to the host system to compromise the VirtualBox software, potentially leading to full system takeover. It affects VirtualBox versions prior to 7.0.16. The attack can impact additional products beyond VirtualBox itself due to scope change.

💻 Affected Systems

Products:
  • Oracle VM VirtualBox
Versions: All versions prior to 7.0.16
Operating Systems: Windows, Linux, macOS, Solaris
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all supported platforms where VirtualBox is installed. Requires attacker to have local access to the host system.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the VirtualBox host system, allowing the attacker to execute arbitrary code, access all virtual machines, and potentially pivot to other systems.

🟠 Likely Case: The attacker gains elevated privileges on the host system, compromising the confidentiality and integrity of virtual machines and host data.

🟢 If Mitigated: With proper access controls and patching, risk is limited to authorized users only, reducing the attack surface significantly.

🌐 Internet-Facing: LOW (requires local access to the host system where VirtualBox runs)
🏢 Internal Only: HIGH (any user with local access to VirtualBox host can potentially exploit this vulnerability)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Oracle describes this as 'easily exploitable', but the attacker must already have logon access to the infrastructure where VirtualBox executes.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0.16 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpuapr2024.html

Restart Required: Yes

Instructions:

1. Download VirtualBox 7.0.16 or later from the Oracle website.
2. Stop all running virtual machines.
3. Uninstall the current VirtualBox version.
4. Install the patched version.
5. Restart the host system.

🔧 Temporary Workarounds

Restrict local access (applies to: all platforms)

Limit the user accounts that have access to systems running VirtualBox.

Disable VirtualBox if not needed (applies to: all platforms)

Uninstall VirtualBox from systems where it's not required:
  • sudo apt remove virtualbox (Linux)
  • Uninstall via Control Panel (Windows)

🧯 If You Can't Patch

  • Implement strict access controls to limit who can log into VirtualBox host systems
  • Isolate VirtualBox hosts on separate network segments and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check VirtualBox version: 'VBoxManage --version' or via GUI Help → About

Check Version:

VBoxManage --version

Verify Fix Applied:

Verify that the reported version is 7.0.16 or higher using 'VBoxManage --version' (the output looks like 7.0.16r<revision>; only the dotted version matters for the comparison).
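The version comparison above is easy to get wrong when done by eye (a string compare puts 7.0.9 after 7.0.16). The following POSIX shell script is an added example, not part of this advisory or of Oracle's tooling: it parses the output of VBoxManage --version, strips the r<revision> suffix, and compares the dotted version numerically against the fixed release 7.0.16. The sample version strings in the test are constructed; the revision numbers in them are placeholders.

```shell
#!/bin/sh
# Added example (not from the advisory): check whether the installed VirtualBox
# is at or above the release that fixes CVE-2024-21114.

FIXED_VERSION="7.0.16"   # first fixed release per the vendor advisory

# version_ge A B -> exit 0 if dotted version A >= B, 1 otherwise.
# Anything after the first non-digit/non-dot character (e.g. "r161095") is
# ignored, and missing components are treated as 0, so "7.1" == "7.1.0".
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/[^0-9.].*$/, "", a); sub(/[^0-9.].*$/, "", b)
        na = split(a, A, "."); nb = split(b, B, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i in A) ? A[i] + 0 : 0
            y = (i in B) ? B[i] + 0 : 0
            if (x > y) exit 0
            if (x < y) exit 1
        }
        exit 0
    }'
}

# vbox_is_patched VERSION_STRING -> exit 0 if the version string (as printed by
# VBoxManage --version, e.g. "7.0.14r12345") is at or above FIXED_VERSION.
vbox_is_patched() {
    version_ge "$1" "$FIXED_VERSION"
}

# check_installed_vbox -> 0 = patched, 1 = vulnerable, 2 = VirtualBox not found.
check_installed_vbox() {
    if ! command -v VBoxManage >/dev/null 2>&1; then
        echo "VBoxManage not found: VirtualBox is not installed or not on PATH"
        return 2
    fi
    # VBoxManage may print a kernel-module warning before the version line,
    # so take the last line of output as the version.
    v=$(VBoxManage --version 2>/dev/null | tail -n 1)
    if vbox_is_patched "$v"; then
        echo "VirtualBox $v: at or above $FIXED_VERSION, CVE-2024-21114 fixed"
        return 0
    fi
    echo "VirtualBox $v: VULNERABLE to CVE-2024-21114, upgrade to $FIXED_VERSION or later"
    return 1
}

# Run the live check only when explicitly requested, so the file can also be
# sourced to reuse the functions (for example from an inventory script).
if [ "${VBOX_CHECK_RUN:-0}" = "1" ]; then
    check_installed_vbox
fi
```

Run it with `VBOX_CHECK_RUN=1 sh vbox_check.sh` on each host; the exit status (0 patched, 1 vulnerable, 2 not installed) makes it usable from configuration-management or fleet-inventory jobs. On Windows hosts the same comparison applies to the output of VBoxManage.exe --version, but this script assumes a POSIX shell.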

📡 Detection & Monitoring

Log Indicators:

  • Unusual VirtualBox process activity
  • Unexpected privilege escalation attempts
  • Suspicious VirtualBox service restarts

Network Indicators:

  • Unusual network traffic from VirtualBox host
  • Unexpected connections between virtual machines

SIEM Query:

Process creation where parent process contains 'virtualbox' and child process shows privilege escalation patterns
