Guardicore Labs to Disclose Vulnerability in VMware vSphere at Black Hat USA 2017: From vSphere User to Guest Remote Code Execution

Session to Address Vulnerability That May Allow a vSphere User to Take Over Data Center Guest Machines

San Francisco, CA and Tel Aviv, Israel – Guardicore, a leader in internal data center and cloud security, today announced it would unveil a significant vulnerability affecting all recent VMware vSphere versions, including 6.5, 6.0 and 5.5, and provide a mitigation at the upcoming Black Hat USA 2017.

In his session, “Escalating Insider Threats Using VMware’s API,” scheduled for July 27 at 9:00 AM, Ofri Ziv, Head of Guardicore Labs, will unveil a vulnerability in the VMware vSphere platform, today’s number one data center virtualization solution. A malicious actor can break the security model of host-guest isolation – crucial for compliance and defense – and gain root privileges on guest machines. As part of his session, Ziv will demo the attack and show how this vulnerability can be mitigated. Guardicore Labs reported the issue to VMware on May 27, 2017, and a security advisory will be released by VMware after the Black Hat session.

“Today’s dynamic and virtualized environments present evolving security challenges and demand strict attention to policy and infrastructure management,” said Ziv. “Through the VMware example, we hope to shed light on the continued importance of monitoring and enforcing privileges in the modern data center.”

Guardicore Labs is a global cyber security research team that conducts in-depth research and analysis, providing the security industry with actionable insights into the latest and most advanced threats facing data centers and clouds. Guardicore Labs delivers cutting-edge breach detection and response methodologies to help Guardicore customers continually enhance their security posture to protect critical business applications and infrastructure. Guardicore Labs’ recent, high-profile threat discoveries include the Bondnet botnet used to mine different cryptocurrencies, a variant of the MongoDB ransomware attack targeting MySQL databases, the Trojan.sysscan malware and the Infection Monkey that was presented at Black Hat 2016.

About Guardicore

Guardicore is an innovator in data center and cloud security focused on delivering more accurate and effective ways to stop advanced threats through real-time breach detection and response. Developed by the top cyber security experts in their field, Guardicore is changing the way organizations are fighting cyber attacks in their data centers. For more information, visit
