Jump to content


Photo

CVE-2015-3456 - Venom vulnerability

CVE-2015-3456 venom

  • Please log in to reply
1 reply to this topic

#1 Dave Farrow

Dave Farrow

    PSIRT

  • Moderators
  • 31 posts

Posted 13 May 2015 - 05:19 PM

On Wednesday morning, May13, we were notified of the release of CVE-2015-3456 (aka Venom). This vulnerability allows an attacker to move from a guest VM under the attacker’s control to the host that the guest is running on. More information about the vulnerability is available at http://venom.crowdstrike.com.

 
Barracuda's virtual appliances are not directly affected by this issue. However, customers using our virtual appliances should evaluate their hosting platforms and patch them as recommended by the platform vendor.
 
We are currently investigating whether any of our services are affected by this issue. 
 
This thread will be updated as we have additional information.
 


#2 Andy Jensen

Andy Jensen

    BBS

  • Product Managers
  • 63 posts
  • LocationAnn Arbor, MI

Posted 13 May 2015 - 09:12 PM

This afternoon, we determined our Cloud LiveBoot infrastructure to be susceptible to CVE-2015-3456 (aka Venom). Barracuda Cloud operations has patched the vulnerability as of 10:00pm EDT.