VENOM - CVE-2015-3456

VENOM (CVE-2015-3456) is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms (hypervisors). Exploiting this weakness could allow a malicious user to escape from an affected virtual machine (VM) and from there gain privileged access to the host OS and other VMs.

An attacker (or malware) would need administrative or root privileges in the guest operating system in order to exploit VENOM and penetrate the underlying OS. In a properly installed LoadMaster instance, this level of privilege is not accessible, and the LoadMaster software is built without a virtual floppy driver interface.


KEMP has determined that no Virtual LoadMaster is affected by this vulnerability. However, if the LoadMaster is deployed on an affected hypervisor, mitigation against this vulnerability should be applied at the hypervisor.

NOTE: VMware and Microsoft Hyper-V hypervisors are not impacted by this vulnerability.

For further information on this vulnerability, please see:

http://venom.crowdstrike.com

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3456

KEMP is committed to resolving security vulnerabilities carefully and quickly.  If you think you have found a security flaw in a KEMP product, please send all supporting information to securityalert@kemptechnologies.com.
