CVSS2: 7.7 High
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.001 Low
EPSS Percentile: 41.0%

Jason Geffner, CrowdStrike Senior Security Researcher, reports:
VENOM, CVE-2015-3456, is a security vulnerability in
the virtual floppy drive code used by many computer
virtualization platforms. This vulnerability may allow
an attacker to escape from the confines of an affected
virtual machine (VM) guest and potentially obtain
code-execution access to the host. Absent mitigation,
this VM escape could open access to the host system and
all other VMs running on that host, potentially giving
adversaries significant elevated access to the host's
local network and adjacent systems.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | qemu | < 0.11.1_19 | UNKNOWN |
FreeBSD | any | noarch | qemu-devel | < 0.11.1_19 | UNKNOWN |
FreeBSD | any | noarch | qemu-sbruno | < 2.3.50.g20150501_1 | UNKNOWN |
FreeBSD | any | noarch | virtualbox-ose | < 4.3.28 | UNKNOWN |
FreeBSD | any | noarch | xen-tools | = 4.5.0 | UNKNOWN |
FreeBSD | any | noarch | xen-tools | < 4.5.0_5 | UNKNOWN |