Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score:Legacy ID
15 May 2015 Open High CVSS v2: 7.7 SA95
The VENOM vulnerability allows a local guest user in affected virtualized platforms to escape from the virtual environment and execute code on the host. An attacker can use this vulnerability to gain complete access to the host and to the host's local network and adjacent systems.
11.0 and later
Not available at this time.
Upgrade to later release with fixes.
Upgrade to later release with fixes.
Additional Product Information
Only vulnerable when running McAfee Firewall Enterprise. Customers running Check Point or other applications are not affected.
Successful exploit of this vulnerability would first require a compromise of the McAfee Firewall Enterprise instance. Customers should check with their application vendors for any additional information on potential vulnerabilities within their application.
XOS utilizes KVM to run McAfee Firewall Enterprise on APM blades of an X-Series chassis. The impact of this vulnerability is limited in this environment because XOS only runs a single trusted McAfee Firewall Enterprise VM per APM module. Additionally, the McAfee Firewall Enterprise guest and XOS host cooperate within a single security domain to provide firewall services. Therefore, an attacker exploiting the VENOM vulnerability would not cross a significant security boundary. Lastly, there is no inherent trust between APM modules within a chassis, so it would be difficult for an attacker who could utilize this vulnerability to compromise a single APM to pivot to another APM modules within the chassis.
The following products are not vulnerable: Advanced Secure Gateway
Android Mobile Agent
Auth Connector Login Application
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
Content Analysis System
Mail Threat Defense
Malware Analysis Appliance
Malware Analyzer G2
Mobile Device Security
Norman Shark Industrial Control System Protection
Norman Shark Network Protection
Norman Shark SCADA Protection
ProxyAV ConLog and ConLogXP
Blue Coat no longer provides vulnerability information for the following products:
Please, contact Digital Guardian technical support regarding vulnerability information for DLP.
Virtualized Environment Neglected Operation Manipulation (VENOM) is a defect in QEMU's virtual Floppy Disk Controller (FDC). FDC is used in multiple virtualization platforms including Xen, KVM, a the native QEMU client. VMWare, Microsoft Hyper-V, and Bochs hypervisors are known not to be impacted. The vulnerability can be exploited regardless of the guest operating system, and even if the virtual floppy drive has been disabled.
An attacker can utilize the VENOM vulnerability to escape from the virtual host. The attacker can use this access to execute code on the host which could result in the attacker gaining elevated privileges on the host's local network and adjacent systems.
2019-01-17 A fix will not be provided for XOS 9.7. Please upgrade to a later release with the vulnerability fixes.
2017-03-06 Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support.
2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable.
2016-09-15 Advanced Secure Gateway is not vulnerable.
2016-06-11 PolicyCenter S-Series is not vulnerable.
2016-05-11 No Cloud Data Protection products are vulnerable.
2016-04-23 Mail Threat Defense is not vulnerable.
2015-07-13 Title Update
2015-05-18 ProxySG, OPIC, and Director are not vulnerable
2015-05-15 AuthConnector, Auth Connector Login Application, and BCAAA are not vulnerable
2015-05-15 Initial public release
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.