Threat actors may abuse hypervisor command line interpreters (CLIs) to execute malicious commands. Hypervisor CLIs typically enable a wide variety of functionality for managing both the hypervisor itself and the guest virtual machines it hosts.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.