Name Escaping Virtualization
Summary An adversary gains access to an application, service, or device with the privileges of an authorized or privileged user by escaping the confines of a virtualized environment. The adversary is then able to access resources or execute unauthorized code within the host environment, generally with the privileges of the user running the virtualized process. Successfully executing an attack of this type is often the first step in executing more complex attacks.
Prerequisites
Solutions Ensure virtualization software is current and up-to-date. Abide by the least privilege principle to avoid assigning users more privileges than necessary.
Related Weaknesses
CWE ID Description
CWE-693 Protection Mechanism Failure
Back to Top