Dear All,
CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks.
Broadcom subsidiary VMware fixed this flaw (CVE-2024-37085) discovered by Microsoft security researchers on June 25 with the release of ESXi 8.0 U3.
CVE-2024-37085 allows attackers to add a new user to the 'ESX Admins' group—not present by default but can be added after gaining high privileges on the ESXi hypervisor—which will automatically be assigned full administrative privileges.
CISA's directive for U.S. Federal Civilian Executive Branch agencies to secure their servers highlights the critical nature of the VMware ESXi vulnerability (CVE-2024-37085). This flaw, fixed in the recent ESXi 8.0 U3 release, allows attackers to gain high privileges and add a user with full administrative rights. It's a significant security risk, and timely action is essential to prevent exploitation, especially given its use in ransomware attacks.
Thanks for sharing @leefarrellhelps.
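As a monitoring aid for the 'ESX Admins' group behaviour described in this thread, here is an added example (not from the posts above, CISA, or VMware) that flags creation of that group and new members in exported Windows Security events. It assumes the group lives in Active Directory and that events arrive as dictionaries with the standard field names; the function name, sample accounts, and sample events are constructed for illustration.

```python
# Windows Security event IDs for security-enabled group changes.
GROUP_CREATED = {4727, 4731, 4754}   # global / local / universal group created
MEMBER_ADDED = {4728, 4732, 4756}    # member added to global / local / universal group
WATCHED_GROUP = "esx admins"         # group named in the post, matched case-insensitively


def find_esx_admins_changes(events, approved_members=()):
    """Flag creation of the watched group and additions of unapproved members."""
    approved = {m.lower() for m in approved_members}
    findings = []
    for ev in events:
        if str(ev.get("TargetUserName") or "").strip().lower() != WATCHED_GROUP:
            continue
        try:
            event_id = int(ev.get("EventID", 0))  # exports may carry IDs as strings
        except (TypeError, ValueError):
            continue
        actor = ev.get("SubjectUserName", "unknown")
        when = ev.get("TimeCreated", "unknown")
        if event_id in GROUP_CREATED:
            findings.append({"type": "group_created", "time": when, "actor": actor})
        elif event_id in MEMBER_ADDED:
            member = ev.get("MemberName", "unknown")
            if member.lower() not in approved:
                findings.append({"type": "member_added", "time": when,
                                 "actor": actor, "member": member})
    return findings


# Constructed sample events (not real log data); hypothetical accounts and domain.
SAMPLE_EVENTS = [
    {"EventID": 4728, "TimeCreated": "2024-07-30T09:58:02Z", "TargetUserName": "Domain Admins",
     "SubjectUserName": "adm-alice", "MemberName": "CN=bob,OU=Staff,DC=example,DC=test"},
    {"EventID": "4727", "TimeCreated": "2024-07-30T10:01:12Z", "TargetUserName": "ESX Admins",
     "SubjectUserName": "svc-backup"},
    {"EventID": 4728, "TimeCreated": "2024-07-30T10:01:40Z", "TargetUserName": "esx admins",
     "SubjectUserName": "svc-backup", "MemberName": "CN=tmpuser,CN=Users,DC=example,DC=test"},
    {"EventID": 4728, "TimeCreated": "2024-07-30T11:15:00Z", "TargetUserName": "ESX Admins",
     "SubjectUserName": "adm-alice", "MemberName": "CN=vi-ops,OU=Admins,DC=example,DC=test"},
]

if __name__ == "__main__":
    for finding in find_esx_admins_changes(
            SAMPLE_EVENTS, approved_members=["CN=vi-ops,OU=Admins,DC=example,DC=test"]):
        print(finding)
```

Because the group is not present by default, a `group_created` finding in an environment that never set it up deserves review on its own, even before any member is added.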