VMWare Products Multiple Vulnerabilities
Release Date: 30 Jul 2024
RISK: Medium Risk
TYPE: Operating Systems - VM Ware
Multiple vulnerabilities were identified in VMware products. An attacker could exploit some of these vulnerabilities to trigger denial of service and security restriction bypass.
Note:
CVE-2024-37085 is being exploited in the wild, therefore, the risk level is rated as medium. It is related a domain group whose members are granted full administrative access to the ESXi hypervisor by default without proper validation.
Impact
- Denial of Service
- Security Restriction Bypass
System / Technologies affected
- VMware ESXi 7.0
- VMware ESXi 8.0
- VMware vCenter Server 7.0
- VMware vCenter Server 8.0
- VMware Cloud Foundation 4.x
- VMware Cloud Foundation 5.x
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505
Vulnerability Identifier
Source
Related Link
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505
- https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/?ranMID=46107&ranEAID=TnL5HPStwNw&ranSiteID=TnL5HPStwNw-XMid4rV8QA6r_3zUK_ZdKg&epi=TnL5HPStwNw-XMid4rV8QA6r_3zUK_ZdKg&irgwc=1&clickid=_03iax2kowwkfazabu3mmmr0tov2xfjuvihbk93xm00&OCID=AIDcmmaqfwnksg_AFF_1243925_3327_TnL5HPStwNw-XMid4rV8QA6r_3zUK_ZdKg_190407&tduid=%28ir__03iax2kowwkfazabu3mmmr0tov2xfjuvihbk93xm00%29%283327%29%281243925%29%28TnL5HPStwNw-XMid4rV8QA6r_3zUK_ZdKg%29%28%29&OWTGT=AFF_1243925
沒有留言:
發佈留言