Is OmniCenter vulnerable to the Venom exploit?

Short Answer

OmniCenter is NOT vulnerable to this exploit.

In May 2015, security vulnerability CVE-2015-3456 (also known as Venom) was disclosed that affects Xen and KVM virtualized host systems.

This vulnerability allows an attacker who controls a virtual machine on the host system to compromise other virtual machines by using a flaw in the floppy disk controller software.

Although some implementations of the OmniCenter appliance use a Xen hypervisor, OmniCenter is not vulnerable to this exploit. OmniCenter appliances shipped in the last 5 years do not implement the floppy drive controller software that caused this problem, and use more current versions of the Xen hypervisor that do not contain this code. Additionally, since no other virtual machines are installed on the Xen hypervisor in an OmniCenter appliance, there is no way an attacker could compromise the host using this exploit. This type of exploit is of much greater concern to companies that provide cloud-hosted virtual servers.

OmniCenter appliances installed as vSphere virtual appliances are likewise unaffected as the software code in question is not present on VMware-based hypervisors.

If you have any concerns, please feel free to contact Netreo Support.