VMware ESXi Active Exploitation Campaigns - 20240730001
Overview
Since the publication of Advisory 20240626001, CISA has added the VMware ESXi vulnerability to its Known Exploited Vulnerabilities catalog.
What is vulnerable?
Product(s) Affected | CVE | CVSSv3 | Severity |
---|---|---|---|
VMware ESXi<br>- 8.0 before build ESXi80U3-24022510<br>- 7.0 before build ESXi70U3sq-23794019<br>VMware Cloud Foundation<br>- 5.x before 5.2<br>- 4.x before Async patch to ESXi 7.0 U3q | CVE-2024-37085<br>CVE-2024-37086<br>CVE-2024-37087 | 6.8<br>6.8<br>5.3 | Medium<br>Medium<br>Medium |
Recommendation
The WA SOC recommends that administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours... (refer to Patch Management):
- Broadcom advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505
Additional References
- CISA article: https://www.cisa.gov/news-events/alerts/2024/07/30/cisa-adds-one-known-exploited-vulnerability-catalog
- SecurityAffairs article: https://securityaffairs.com/166295/cyber-crime/ransomware-gangs-exploit-cve-2024-37085-vmware-esxi.html
- ZeroDayInitiative article: https://www.zerodayinitiative.com/advisories/ZDI-24-882/