Broadcom Releases Security Updates for VMware ESXi, vCenter Server, and Cloud Foundation Vulnerabilities

Summary

Advisory addresses three security vulnerabilities that could result in denial-of-service or authentication bypass


Threat details

Exploitation of CVE-2024-37085 reported

VMware applications have become a popular target for ransomware and data-extortion groups, and rapidly patching vulnerable software should be considered of critical importance. NHS England National CSOC advises that exploitation of CVE-2024-37085 by several ransomware groups has been reported in the wild.


Introduction

Broadcom has released an advisory that addresses three security vulnerabilities in VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation. VMware ESXi is an enterprise-class hypervisor, VMware vCenter Server is a centralised virtual machine manager, and Cloud Foundation is a platform for the provision of cloud environments. 


Vulnerability details

  • CVE-2024-37085 - VMware ESXi contains an authentication bypass vulnerability. An attacker with sufficient Active Directory (AD) permissions could exploit it to gain full access to an ESXi host that was previously configured to use AD for user management, by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
  • CVE-2024-37086 - VMware ESXi contains an out-of-bounds read vulnerability. An attacker with local administrative privileges on a virtual machine with an existing snapshot could trigger an out-of-bounds read, leading to a denial-of-service condition of the host.
  • CVE-2024-37087 - The vCenter Server contains a denial-of-service vulnerability.
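
Because CVE-2024-37085 depends on the configured AD group being re-created, defenders can watch domain controller security logs for that group name appearing in group-creation, rename, or membership events. The following is an added detection sketch, not code from Broadcom or NHS England. It assumes events have been exported as dictionaries using the Windows Security event field names `EventID`, `TargetUserName`, `NewTargetUserName` and `SubjectUserName`; the sample records are constructed, and the group name defaults to the one given in this alert.

```python
# Added example: flag AD security-log events that touch the ESXi admin group.
# Event IDs are standard Windows Security auditing IDs; the dict layout and
# SAMPLE_EVENTS are constructed for illustration.
GROUP_CREATED = {4727, 4731, 4754}   # global / local / universal group created
MEMBER_ADDED = {4728, 4732, 4756}    # member added to global / local / universal group
ACCOUNT_RENAMED = {4781}             # account name changed (covers group renames)

def normalise(name):
    """Case-insensitive group name without any DOMAIN prefix."""
    return name.rsplit("\\", 1)[-1].strip().casefold()

def find_group_events(events, group_name="ESXi Admins"):
    """Return (reason, event) pairs for events that involve group_name."""
    wanted = normalise(group_name)
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        target = normalise(ev.get("TargetUserName", ""))
        renamed_to = normalise(ev.get("NewTargetUserName", ""))
        if eid in GROUP_CREATED and target == wanted:
            hits.append(("group created", ev))
        elif eid in MEMBER_ADDED and target == wanted:
            hits.append(("member added", ev))
        elif eid in ACCOUNT_RENAMED and renamed_to == wanted:
            hits.append(("renamed to group name", ev))
    return hits

# Constructed sample records (not real log data).
SAMPLE_EVENTS = [
    {"EventID": 4727, "TargetUserName": "ESXi Admins", "SubjectUserName": "user-a"},
    {"EventID": 4728, "TargetUserName": "EXAMPLE\\ESXi Admins",
     "MemberName": "CN=user-b,OU=Staff,DC=example,DC=test", "SubjectUserName": "user-a"},
    {"EventID": 4781, "OldTargetUserName": "Temp Group",
     "NewTargetUserName": "esxi admins", "SubjectUserName": "user-c"},
    {"EventID": 4727, "TargetUserName": "Finance Users", "SubjectUserName": "user-d"},
    {"EventID": 4624, "TargetUserName": "user-a"},
]

if __name__ == "__main__":
    for reason, ev in find_group_events(SAMPLE_EVENTS):
        print(f"{reason}: EventID={ev['EventID']} by {ev.get('SubjectUserName')}")
```

Hosts configured with a different AD group should pass that name as `group_name`.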

Threat updates

Date | Update
30 Jul 2024 | Exploitation of CVE-2024-37085 added to this Cyber Alert

Remediation advice

Affected organisations are encouraged to review Broadcom's VMware advisory VMSA-2024-0013 and apply the relevant updates.



Last edited: 30 July 2024 2:53 pm