VMware has disclosed three critical vulnerabilities in its ESXi hypervisor that could allow attackers to bypass authentication mechanisms. These vulnerabilities, identified as CVE-2024-37085, CVE-2024-37086, and CVE-2024-37087, pose significant risks to organizations utilizing VMware ESXi in their virtualized environments.
The vulnerabilities impact the authentication processes within VMware ESXi, potentially enabling unauthorized access to the system. CVE-2024-37085 allows an attacker with network access to the ESXi host to bypass authentication and gain unauthorized privileges. CVE-2024-37086 allows attackers to exploit a flaw in session management, hijack active sessions, and perform unauthorized operations. CVE-2024-37087 affects the authentication request processing, allowing attackers to bypass checks and gain unauthorized access.
Successful exploitation of these vulnerabilities could lead to administrative access without proper authentication, potentially resulting in unauthorized control of virtual machines, data loss, and service disruption. VMware has released patches to address these vulnerabilities, and administrators are urged to apply these updates promptly.
Affected versions and recommended actions include applying the latest security patches for all versions of VMware ESXi before the patch version and upgrading to the latest version for vCenter Server. Immediate patch application, network segmentation, monitoring and logging, and regular audits are recommended security measures to mitigate risks.
The discovery of these vulnerabilities highlights the importance of maintaining security practices and promptly applying patches. Organizations utilizing VMware ESXi should take immediate action to safeguard their virtualized environments from potential exploitation.
Article Source
https://cybersecuritynews.com/VMware-esxi-authentication-vulnerability/amp/