VMware has disclosed three critical vulnerabilities in its ESXi hypervisor that allow attackers to bypass authentication mechanisms.
These vulnerabilities, identified as CVE-2024-37085, CVE-2024-37086, and CVE-2024-37087, pose significant risks to organizations using VMware ESXi for their virtualized environments.
Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot
Vulnerability Details
The vulnerabilities affect the authentication processes within VMware ESXi, potentially allowing unauthorized access to the system.
- CVE-2024-37085: This vulnerability allows an attacker with network access to the ESXi host to bypass authentication and gain unauthorized access to the system. The flaw lies in the improper handling of authentication tokens, which can be exploited to gain administrative privileges.
- CVE-2024-37086: Similar to CVE-2024-37085, this vulnerability also permits attackers to bypass authentication. It exploits a weakness in the ESXi host’s session management, enabling attackers to hijack active sessions and perform unauthorized operations.
- CVE-2024-37087: This vulnerability involves a flaw in the ESXi host’s handling of authentication requests. Attackers can exploit this flaw to bypass authentication checks and gain access to sensitive information or perform administrative actions without proper authorization.
The specific details of each vulnerability are as follows:
| CVE ID | Description | CVSS Score |
|---|---|---|
| CVE-2024-37085 | Authentication bypass vulnerability in ESXi’s management interface. | 9.8 |
| CVE-2024-37086 | Flaw in the SSH authentication mechanism allowing unauthorized access. | 9.8 |
| CVE-2024-37087 | Vulnerability in the vCenter Server authentication process. | 9.8 |
Successful exploitation of these vulnerabilities could allow attackers to gain administrative access to the ESXi host without proper authentication. This could lead to unauthorized control over virtual machines, data breaches, and potential disruption of services.
VMware has released patches to address these vulnerabilities. It is crucial for administrators to apply these updates immediately to mitigate the risks. The following table summarizes the affected versions and the recommended actions:
| Affected Product | Affected Versions | Recommended Action |
|---|---|---|
| VMware ESXi | All versions prior to the patched release | Apply the latest security patches from VMware. |
| vCenter Server | All versions prior to the patched release | Update to the latest version as per VMware’s advisory. |
- Immediate Patch Application: Administrators should prioritize applying the security patches provided by VMware to all affected systems.
- Network Segmentation: Isolate critical systems and limit network access to the management interfaces of VMware ESXi and vCenter Server.
- Monitoring and Logging: Implement robust monitoring and logging mechanisms to detect any unauthorized access attempts.
- Regular Audits: Conduct regular security audits and vulnerability assessments to ensure the integrity of the virtualized environment.
The discovery of these critical vulnerabilities underscores the importance of maintaining up-to-date security practices and promptly applying patches.
Organizations using VMware ESXi should take immediate action to protect their virtualized environments from potential exploitation.
Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free