How severe is CVE-2020-2908?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2020-2908?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2020-2908 - HIGH Severity | CVSS 8.2

Vulnerability Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Related Vulnerabilities

CVE-2012-1168

HIGH

CVSS:8.2(High)

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

CWE-202012

CVE-2015-1000002

HIGH

CVSS:8.2(High)

Open Proxy in filedownload v1.4 wordpress plugin

CWE-202015

CVE-2016-1182

HIGH

CVSS:8.2(High)

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a ...

CWE-202016

CVE-2016-1441

HIGH

CVSS:8.2(High)

Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET A...

CWE-202016

CVE-2017-1000368

HIGH

CVSS:8.2(High)

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution...

CWE-202017

CVE-2017-3752

HIGH

CVSS:8.2(High)

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaw...

CWE-202017