Skip to main content

Advisory addresses three security vulnerabilities that could result in denial-of-service or authentication bypass

Threat ID:CC-4531
Threat Severity:Medium
Published:29 July 2024 3:04 PM

Summary

Advisory addresses three security vulnerabilities that could result in denial-of-service or authentication bypass

Affected platforms

The following platforms are known to be affected:

Versions: 8.0, 7.0
VMware ESXi
Versions: 8.0, 7.0
VMware vCenter Server
Versions: 5.x, 4.x
VMware Cloud Foundation

Threat details

Exploitation of CVE-2024-37085 reported

VMware applications have become a popular target for ransomware and data-extortion groups, and rapidly patching vulnerable software should be considered of critical importance. NHS England National CSOC advises that exploitation of CVE-2024-37085 by several ransomware groups has been reported in the wild.


Introduction

Broadcom has released an advisory that addresses three security vulnerabilities in VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation. VMware ESXi is an enterprise-class hypervisor, VMware vCenter Server is a centralised virtual machine manager, and Cloud Foundation is a platform for the provision of cloud environments. 



Vulnerability details

  • CVE-2024-37085 - VMware ESXi contains an authentication bypass vulnerability, which an attacker with sufficient Active Directory (AD) permissions could exploit to gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
  • CVE-2024-37086 - VMware ESXi contains an out-of-bounds read vulnerability, which an attacker with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.
  • CVE-2024-37087 - The vCenter Server contains a denial-of-service vulnerability.

Threat updates

   
30 Jul 2024 Exploitation of CVE-2024-37085 added to this Cyber Alert

Remediation advice

Affected organisations are encouraged to review Broadcom's VMware advisory VMSA-2024-0013 and apply the relevant updates.

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-37085VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
StatusPublished
CVE-2024-37086VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.
StatusPublished
CVE-2024-37087The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.

Last edited: 30 July 2024 2:53 pm

Back to top