VMware has revealed three critical vulnerabilities in its ESXi hypervisor, identified as CVE-2024-37085, CVE-2024-37086, and CVE-2024-37087. These vulnerabilities could allow attackers to bypass authentication mechanisms, posing significant risks to organizations that use VMware ESXi for their virtualized environments. If exploited, attackers could gain unauthorized control over virtual machines, leading to potential data breaches and service disruptions.
CVE-2024-37085 allows a malicious actor with the necessary Active Directory (AD) permissions to gain full access to an ESXi host by manipulating the AD group used for user management. CVE-2024-37086 enables a threat actor with local administrative privileges on a virtual machine to cause a denial-of-service situation by initiating an out-of-bounds read. CVE-2024-37087 involves a denial-of-service vulnerability where an unauthorized individual with network access to the vCenter Server could exploit it to disrupt services.
VMware has released security patches to address these vulnerabilities and urges administrators to apply them immediately. The patches are crucial in preventing unauthorized access and maintaining the integrity of the virtualized environment. Affected organizations are strongly advised to update their systems to the latest versions as per VMware’s advisory.
To further protect against these vulnerabilities, VMware recommends several best practices. These include applying the security patches immediately, isolating critical systems through network segmentation, implementing robust monitoring and logging mechanisms, and conducting regular security audits. Taking these steps will help organizations safeguard their virtualized environments from potential exploitation.
Reference:
