Codenotary Trustcenter Blog

vmware-cve-2015-3456-aka-venom-vulnerability - Codenotary

Written by Dennis | May 21, 2015 10:03:27 PM

Lots of users were scared when reading about the latest vulnerability – VENOM, that attacks virtual machines through the virtual floppy drive.

Photo courtesy of Crowdstrike

http://venom.crowdstrike.com/

VENOM, CVE-2015-3456is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.

Exploitation of the VENOM vulnerability can expose access to corporate intellectual property (IP), in addition to sensitive and personally identifiable information (PII), potentially impacting the thousands of organizations and millions of end users that rely on affected VMs for the allocation of shared computing resources, as well as connectivity, storage, security, and privacy.For more information, read the following blog posts: Community Patching & Mitigation UpdateVENOM Vulnerability Details

VMware officially stated that they are NOT vulnerable to VENOM:

VMware products are not vulnerable to CVE-2015-3456. VMware product security has reviewed CVE-2015-3456 and has concluded that the vulnerable code is not used in VMware products.Our determination aligns with the researcher’s findings as published at http://venom.crowdstrike.com.

You can read more about it here: VMware KB 2117469