technology / Thursday, 04-Sep-2025

VMware ESXi Vulnerability Allows Attackers to Bypass Authentication


VMware has disclosed three critical vulnerabilities in its ESXi hypervisor that allow attackers to bypass authentication mechanisms.

These vulnerabilities, identified as CVE-2024-37085, CVE-2024-37086, and CVE-2024-37087, pose significant risks to organizations using VMware ESXi for their virtualized environments.


Vulnerability Details

The vulnerabilities affect the authentication processes within VMware ESXi, potentially allowing unauthorized access to the system.

  1. CVE-2024-37085: A malicious actor with the necessary Active Directory (AD) permissions can obtain complete access to an ESXi host that had been set up to use AD for user management. This is done by recreating the configured AD group (‘ESXi Admins’ by default) after it has been removed from AD.
  2. CVE-2024-37086: A threat actor with local administrative privileges on a virtual machine that already has a snapshot can trigger an out-of-bounds read, resulting in a denial-of-service condition on the host.
  3. CVE-2024-37087: An unauthorized individual with network access to the vCenter Server could carry out actions that lead to a denial-of-service condition.

The specific details of each vulnerability are as follows:

CVE ID | Description
CVE-2024-37085 | Authentication bypass vulnerability in ESXi’s management interface.
CVE-2024-37086 | VMware ESXi contains an out-of-bounds read vulnerability
CVE-2024-37087 | vCenter Server denial-of-service vulnerability

Successful exploitation of these vulnerabilities could allow attackers to gain administrative access to the ESXi host without proper authentication. This could lead to unauthorized control over virtual machines, data breaches, and potential disruption of services.

VMware has released patches to address these vulnerabilities. It is crucial for administrators to apply these updates immediately to mitigate the risks. The following table summarizes the affected versions and the recommended actions:

Affected Product | Affected Versions | Recommended Action
VMware ESXi | All versions prior to the patched release | Apply the latest security patches from VMware.
vCenter Server | All versions prior to the patched release | Update to the latest version as per VMware’s advisory.

  1. Immediate Patch Application: Administrators should prioritize applying the security patches provided by VMware to all affected systems.
  2. Network Segmentation: Isolate critical systems and limit network access to the management interfaces of VMware ESXi and vCenter Server.
  3. Monitoring and Logging: Implement robust monitoring and logging mechanisms to detect any unauthorized access attempts.
  4. Regular Audits: Conduct regular security audits and vulnerability assessments to ensure the integrity of the virtualized environment.
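
For the monitoring recommendation, the delete-then-recreate pattern described for CVE-2024-37085 can be checked against exported Windows Security events for AD group changes. The following is an added example, not code from the article or from VMware; the record fields (id, time, group, actor, member) and the sample events are constructed assumptions, and the watched group name is the default given in the article and should be set to whatever group your hosts are configured to trust.

```python
import json

# Windows Security event IDs for security-enabled group changes
# (global / domain-local / universal scopes).
GROUP_CREATED = {4727, 4731, 4754}
GROUP_DELETED = {4730, 4734, 4758}
MEMBER_ADDED = {4728, 4732, 4756}

def find_admin_group_alerts(events, watched_group="ESXi Admins"):
    """Return alerts for changes to the AD group that ESXi trusts as admins.

    `events` are dicts with the assumed keys id, time, group, actor and an
    optional member. Group names are compared case-insensitively.
    """
    watched = watched_group.casefold()
    deleted_at = None  # time of the most recent deletion of the watched group
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev.get("group", "").casefold() != watched:
            continue
        eid = ev["id"]
        if eid in GROUP_DELETED:
            deleted_at = ev["time"]
            alerts.append(("group_deleted", ev["time"], ev["actor"], None))
        elif eid in GROUP_CREATED:
            # A create after a delete is the pattern the advisory describes.
            kind = "group_recreated" if deleted_at else "group_created"
            alerts.append((kind, ev["time"], ev["actor"], None))
        elif eid in MEMBER_ADDED:
            alerts.append(("member_added", ev["time"], ev["actor"], ev.get("member")))
    return alerts

# Constructed sample events (not real logs), one JSON object per line.
SAMPLE_LOG = """\
{"id": 4728, "time": "2025-01-10T08:00:00Z", "group": "Helpdesk", "actor": "it-admin", "member": "jdoe"}
{"id": 4730, "time": "2025-01-12T02:11:00Z", "group": "ESXi Admins", "actor": "svc-cleanup"}
{"id": 4727, "time": "2025-01-14T03:40:00Z", "group": "esxi admins", "actor": "user-x"}
{"id": 4728, "time": "2025-01-14T03:41:00Z", "group": "ESXi Admins", "actor": "user-x", "member": "user-x"}
"""

def parse_log(text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

if __name__ == "__main__":
    for alert in find_admin_group_alerts(parse_log(SAMPLE_LOG)):
        print(alert)
```

Any creation of the watched group is worth review on its own, since a host still configured for AD user management will trust whoever is placed in it.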

The discovery of these critical vulnerabilities underscores the importance of maintaining up-to-date security practices and promptly applying patches.

Organizations using VMware ESXi should take immediate action to protect their virtualized environments from potential exploitation.

