Overview
VMware has released updates to fix vulnerabilities in its products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-37085
- VMware ESXi version: 8.0
- VMware ESXi version: 7.0
- VMware Cloud Foundation version: 5.X
- VMware Cloud Foundation version: 4.X
Resolved Vulnerabilities
Authentication bypass vulnerability (CVE-2024-37085) that could allow a malicious actor to gain full access to ESXi hosts configured to use AD for user management on or below
Vulnerability Patches
Patches for the vulnerability are available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-37085
- VMware ESXi versions: See Referenced Sites[3] to update
- VMware ESXi versions: No Patch Planned
- VMware Cloud Foundation versions: 5.2
- VMware Cloud Foundation versions: No Patch Planned
Referenced Sites
[1] CVE-2024-37085 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-37085
[2] VMSA-2024-0013: VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2024-37085)
[3] VMware ESXi 8.0 Update 3 Release Notes
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-esxi-803-release-notes/index.html
Article Link: VMware Product Security Update Advisory (CVE-2024-37085) – ASEC