PSIRT

CVE-2015-3456 "VENOM" vulnerability

Description

The VENOM (Virtualized Environment Neglected Operations Manipulation) vulnerability impacts popular virtualization platforms, including QEMU, Xen, KVM, and Oracle's VirtualBox.
It consists in a buffer overflow condition in the FDC (Floppy Disk Controller) emulation code.
Fortinet virtual appliances including FortiOS, FortiManager, FortiAnalyzer and any other product running on Hyper-V, Xen and KVM are not affected.

Impact Detail

An attacker with shell access in a guest operating system may crash a guest virtual machine or/and execute arbitrary code in the host's hypervisor process.

Affected Products

FortiSandbox 2.0.2 and below is theoretically affected, however no working exploit code has been known to be available so far.

Solutions

Upgrade to FortiSandbox 2.0.3.

References

http://venom.crowdstrike.com

IR Number	FG-IR-15-012
Date	May 19, 2015
Severity	High
Impact	Guest VM DoS and VM escape
CVE ID	CVE-2015-3456
CVRF	Download

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

PSIRT

CVE-2015-3456 "VENOM" vulnerability

Description

Impact Detail

Affected Products

Solutions

References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

PSIRT

CVE-2015-3456 "VENOM" vulnerability

Description

Impact Detail

Affected Products

Solutions

References

Threat Intelligence
Center