High severity8.8NVD Advisory· Published Aug 8, 2017· Updated May 13, 2026

CVE-2017-10129

Description

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Affected products

Oracle Corporation/Vm Virtualbox
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
Range: <=5.1.22
Oracle Corporation/Oracle VM VirtualBoxv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlnvdPatchVendor Advisory
www.securityfocus.com/bid/99638nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038929nvdThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/42426/nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000