CISA warns of VMware ESXi bug exploited in ransomw...

Kyaw_Myo_Oo · ‎07-31-2024

Dear All,

CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks.

Broadcom subsidiary VMware fixed this flaw (CVE-2024-37085) discovered by Microsoft security researchers on June 25 with the release of ESXi 8.0 U3.

CVE-2024-37085 allows attackers to add a new user to the 'ESX Admins' group—not present by default but can be added after gaining high privileges on the ESXi hypervisor—which will automatically be assigned full administrative privileges.

https://www.bleepingcomputer.com/news/security/cisa-warns-of-vmware-esxi-bug-exploited-in-ransomware...

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSM | CISSP | PMP

leefarrellhelps · ‎08-02-2024

CISA's directive for U.S. Federal Civilian Executive Branch agencies to secure their servers highlights the critical nature of the VMware ESXi vulnerability (CVE-2024-37085). This flaw, fixed in the recent ESXi 8.0 U3 release, allows attackers to gain high privileges and add a user with full administrative rights. It's a significant security risk, and timely action is essential to prevent exploitation, especially given its use in ransomware attacks.

Kyaw_Myo_Oo · ‎08-03-2024

Thanks for sharing @leefarrellhelps.

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSM | CISSP | PMP

CISA warns of VMware ESXi bug exploited in ransomware attacks