‘Maybe Bigger than Heartbleed’: Venom VM Bug is ‘Perfect’ for Stealing Bitcoins and Passwords

Updated on Dec 16, 2017 at 12:44 pm UTC · 3 min read

CrowdStrike researchers found a previously unknown bug, dubbed Venom, which gives hackers access to every machine within the data center network.

Researchers have discovered a previously unknown bug, dubbed Venom, which allows hackers to run malicious software in data centers. Although researchers have not yet found malware exploiting the flaw, the bug is known to affect a broad range of virtualization software on major operating systems.

The bug was found by Jason Geffner, a senior security researcher at CrowdStrike, while carrying out an audit of virtual machine hypervisors. The bug has existed for 11 years, since the virtual floppy disk controller (FDC) code was added to QEMU, but remained unknown until now.

“This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems,” CrowdStrike stated on its website.

Today, the majority of datacenters consolidate customers onto a single server running multiple operating systems or virtual machines. These systems are designed to share resources but remain separate from one another under the host hypervisor. By exploiting the vulnerability, attackers can gain access to the whole hypervisor and every device in the datacenter.

How a Venom attack could have gone down, according to CrowdStrike. Photo: CrowdStrike

The bug lies in the virtual floppy disk controller in QEMU, an open-source computer emulator that is widely used in cloud computing. This component is part of many virtualization platforms, such as KVM and Xen, and according to experts, the biggest target base for cybercriminals would be hosting providers who run these platforms.

To exploit the vulnerability, attackers can purchase space from a cloud hosting provider, from where they can gain access to the local network on which the host runs and obtain data stored there.

“Exploitation of the VENOM vulnerability can expose access to corporate intellectual property (IP), in addition to sensitive and personally identifiable information (PII), potentially impacting the thousands of organizations and millions of end users that rely on affected VMs for the allocation of shared computing resources, as well as connectivity, storage, security, and privacy,” CrowdStrike wrote.

The vulnerability is rather dangerous, given the growing number of companies that are moving their resources to cloud providers. Venom poses a threat to these companies because it can put their sensitive data at risk.

Amazon, one of the major cloud service providers, said that its systems are not vulnerable to the bug. Microsoft and Google were not affected by the bug either.
