VMware: CVE-2015-3456 aka VENOM Vulnerability

Many users were alarmed when reading about the latest vulnerability, VENOM, which attacks virtual machines through the virtual floppy drive.

VMware VENOM Vulnerability

Photo courtesy of Crowdstrike

http://venom.crowdstrike.com/

VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.

Exploitation of the VENOM vulnerability can expose access to corporate intellectual property (IP), in addition to sensitive and personally identifiable information (PII), potentially impacting the thousands of organizations and millions of end users that rely on affected VMs for the allocation of shared computing resources, as well as connectivity, storage, security, and privacy.

For more information, read the following blog posts: Community Patching & Mitigation Update and VENOM Vulnerability Details.

VMware officially stated that they are NOT vulnerable to VENOM:

VMware products are not vulnerable to CVE-2015-3456. VMware product security has reviewed CVE-2015-3456 and has concluded that the vulnerable code is not used in VMware products. Our determination aligns with the researcher’s findings as published at http://venom.crowdstrike.com.

You can read more about it here: VMware KB 2117469
