FortiSandbox
FortiSandbox provides a solution to protect against advanced threats and ransomware for companies who don’t want to implement and maintain a sandbox environment on their own.
fropert_FTNT
Staff
Staff
Article Id 196590

Description

VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host.

FortiSandbox is affected by this vulnerability and a patch is already available to customers.

Other Fortinet products can be executed as Xen and KVM virtual machines but they are not directly affected by this vulnerability.

The Fortinet Product Security Incident Response Team (PSIRT) advises to build an inventory of hypervisor machines which execute Fortinet virtual appliances in order to apply the latest Xen and KVM patches developed to address the VENOM vulnerability.

More information about the vulnerability can be found at the following links:


Scope

FortiSandbox 2.0.2 and lower.


Solution

Upgrade to FortiSandbox 2.0.3 or above.



 

 

Contributors