CVE-2015-3456 "VENOM" vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-15-012
Final
1
2015-05-19T00:00:00
Current version
The VENOM (Virtualized Environment Neglected Operations Manipulation) vulnerability impacts popular virtualization platforms, including QEMU, Xen, KVM, and Oracle's VirtualBox. It is a buffer overflow in the FDC (Floppy Disk Controller) emulation code. Fortinet virtual appliances, including FortiOS, FortiManager, FortiAnalyzer and any other product running on Hyper-V, Xen and KVM, are not affected.
Guest VM DoS and VM escape
FortiSandbox 2.0.2 and below is theoretically affected; however, no working exploit code is known to be available so far.
Upgrade to FortiSandbox 2.0.3.
https://fortiguard.fortinet.com/psirt/FG-IR-15-012
http://venom.crowdstrike.com
CVE-2015-3456