ADVISORY!

TLP : CLEAR

Date : 30/07/2024

REF NO : CERT / 2024/07/67

VMware Products Multiple Vulnerabilities

Severity Level: Medium

Components Affected

  • VMware ESXi 7.0
  • VMware ESXi 8.0
  • VMware vCenter Server 7.0
  • VMware vCenter Server 8.0
  • VMware Cloud Foundation 4.x
  • VMware Cloud Foundation 5.x

Overview

Multiple vulnerabilities were identified in VMware products. An attacker could exploit some of these vulnerabilities to trigger denial of service and security restriction bypass.

Note:

CVE-2024-37085 is being exploited in the wild; therefore, the risk level is rated as medium. It is related to a domain group whose members are granted full administrative access to the ESXi hypervisor by default without proper validation.

Description

VMware ESXi and vCenter Server are affected by several critical vulnerabilities that could lead to severe security risks. In ESXi, an authentication bypass vulnerability allows a malicious actor with sufficient Active Directory (AD) permissions to gain full access to an ESXi host by re-creating a previously deleted AD group (‘ESXi Admins’ by default). Additionally, ESXi has an out-of-bounds read vulnerability where a malicious actor with local administrative privileges on a virtual machine with an existing snapshot could trigger a denial-of-service condition on the host. Furthermore, vCenter Server is vulnerable to a denial-of-service attack, where a malicious actor with network access could create a denial-of-service condition, potentially disrupting services.
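A detection sketch for the group re-creation described above, added here as an illustration and not part of the original advisory or any vendor tooling. It assumes directory audit events have already been exported into flat records (the `Event` fields and the sample events are constructed), uses the standard Windows Security event IDs for security-group creation, deletion and member addition, and assumes timestamps are UTC ISO 8601 strings.

```python
from dataclasses import dataclass

# Windows Security event IDs for security-enabled groups (global, local, universal).
CREATED = {4727, 4731, 4754}
DELETED = {4730, 4734, 4758}
MEMBER_ADDED = {4728, 4732, 4756}

WATCHED_GROUP = "esxi admins"  # default group name given in the advisory


@dataclass
class Event:
    time: str         # UTC ISO 8601 timestamp (assumed export format)
    event_id: int
    group: str        # target group name
    actor: str        # account that made the change
    member: str = ""  # account added, for member-added events


def find_alerts(events, watched=WATCHED_GROUP):
    """Return (time, severity, message) tuples for changes to the watched group."""
    alerts, deleted_at = [], None
    for ev in sorted(events, key=lambda e: e.time):
        if ev.group.strip().lower() != watched:
            continue
        if ev.event_id in DELETED:
            deleted_at = ev.time
            alerts.append((ev.time, "info", f"group deleted by {ev.actor}"))
        elif ev.event_id in CREATED:
            if deleted_at:
                msg = f"group re-created by {ev.actor} (deleted {deleted_at})"
            else:
                msg = f"group created by {ev.actor}"
            alerts.append((ev.time, "high", msg))
        elif ev.event_id in MEMBER_ADDED:
            alerts.append((ev.time, "high", f"{ev.member} added by {ev.actor}"))
    return alerts


# Constructed sample events, not taken from a real environment.
SAMPLE = [
    Event("2024-07-01T09:00:00Z", 4730, "ESXi Admins", "CORP\\it-admin"),
    Event("2024-07-20T02:14:00Z", 4727, "ESXi Admins", "CORP\\svc-helpdesk"),
    Event("2024-07-20T02:15:00Z", 4728, "esxi admins", "CORP\\svc-helpdesk", "CORP\\jdoe"),
    Event("2024-07-20T02:16:00Z", 4728, "Domain Users", "CORP\\it-admin", "CORP\\new-hire"),
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE):
        print(*alert, sep=" | ")
```

Creation of the group is flagged even when no earlier deletion is in the log window, since the deletion may predate the retained events.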

Impact

  • Denial of Service
  • Security Restriction Bypass

Solution / Workarounds

Before installation of the software, please visit the vendor website for more details.

Reference

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Copyright © 2023 SRI LANKA CERT | CC