Thu, Jun 11, 2015
The Venom vulnerability (CVE-2015-3456) was discovered by CrowdStrike, an end-point security firm. The bug exists in the virtual Floppy Disk Controller for the open-source hypervisor called Quick Emulator (QEMU), which is installed by default in a number of virtualization platforms, including the QEMU native client, Xen, kernel-based virtual machine (KVM) and Oracle’s VirtualBox. VMware, Microsoft Hyper-V and Bochs hypervisors are not affected. CUNA Mutual Group utilizes the VMware platform and is not affected by Venom. The vulnerability impacts organizations using a vulnerable VM. Third-party cloud service providers are particularly at risk since they often store their customers’ data on VMs on the same server within their data center. The VMs share resources but remain separate on the host hypervisor. A cybercriminal could rent space with a cloud service provider to exploit the vulnerability and steal data from the service provider’s customers, as well as from any device connected to the service provider’s network.
To read full alert click HERE.