vmware-cve-2015-3456-aka-venom-vulnerability

Lots of users were scared when reading about the latest vulnerability – VENOM, that attacks virtual machines through the virtual floppy drive.

VMware VENOM Vulnerability

Photo courtesy of Crowdstrike

http://venom.crowdstrike.com/

VENOM, CVE-2015-3456is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.

Exploitation of the VENOM vulnerability can expose access to corporate intellectual property (IP), in addition to sensitive and personally identifiable information (PII), potentially impacting the thousands of organizations and millions of end users that rely on affected VMs for the allocation of shared computing resources, as well as connectivity, storage, security, and privacy.For more information, read the following blog posts: Community Patching & Mitigation UpdateVENOM Vulnerability Details

VMware officially stated that they are NOT vulnerable to VENOM:

VMware products are not vulnerable to CVE-2015-3456. VMware product security has reviewed CVE-2015-3456 and has concluded that the vulnerable code is not used in VMware products.Our determination aligns with the researcher’s findings as published at http://venom.crowdstrike.com.

You can read more about it here: VMware KB 2117469

RELATED ARTICLES

Save energy without reducing VM performance in your VMware vSphere cluster
16 August 2022
Over the last couple of decades energy consumption went up massively in every data center and while the…
Dennis
Metrics & Logs support for IoT - Bringing Secure Monitoring and Logging to the Edge
7 July 2022
Simple uptime monitoring for Internet-of-Things (IoT) is well-known and requires knowing if the devices are up and running.…
Dennis
Monitoring Azure SQL Managed Instance with Opvizor Metrics & Logs
17 January 2022
When you have critical applications and business processes that rely on Azure resources, it's critical to keep an…
Dennis

White Paper — Registration

You will receive the research paper by mail.

Codenotary — Webinar

White Paper — Registration

Please let us know where we can send the whitepaper on Codenotary Trusted Software Supply Chain. 

Become a partner

Start Your Trial

Please enter contact information to receive an email with the virtual appliance download instructions.

Start Free Trial

Please enter contact information to receive an email with the free trial details.

Subscribe to our newsletter