Kyaw_Myo_Oo
Contributor III

CISA warns of VMware ESXi bug exploited in ransomware attacks

Dear All,

 

CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks.

 

Broadcom subsidiary VMware fixed this flaw (CVE-2024-37085) discovered by Microsoft security researchers on June 25 with the release of ESXi 8.0 U3.

CVE-2024-37085 allows attackers to add a new user to the 'ESX Admins' group—not present by default but can be added after gaining high privileges on the ESXi hypervisor—which will automatically be assigned full administrative privileges.

 

https://www.bleepingcomputer.com/news/security/cisa-warns-of-vmware-esxi-bug-exploited-in-ransomware...

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | SAA-C03 | CCSM | CISSP | PMP
2 Replies
leefarrellhelps
Newcomer I

CISA's directive for U.S. Federal Civilian Executive Branch agencies to secure their servers highlights the critical nature of the VMware ESXi vulnerability (CVE-2024-37085). This flaw, fixed in the recent ESXi 8.0 U3 release, allows attackers to gain high privileges and add a user with full administrative rights. It's a significant security risk, and timely action is essential to prevent exploitation, especially given its use in ransomware attacks.

Kyaw_Myo_Oo
Contributor III

Thanks for sharing @leefarrellhelps.

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | SAA-C03 | CCSM | CISSP | PMP