By LBT Technology Group, LLC. on Thursday, 01 August 2024
Category: Security

VMware ESXi flaw exploited by ransomware group

Threat update

A VMware ESXi vulnerability, tracked as CVE-2024-37085, has been discovered and is being actively exploited by several ransomware groups. Review this Cybersecurity Threat Advisory to learn how to limit the impact of this flaw.

Technical Detail and Additional Info

What is the threat?

CVE-2024-37085 is an Active Directory (AD) integration authentication bypass vulnerability that, when successfully exploited, gives an attacker full administrative access to the ESXi hypervisor by default, without any further validation. An attacker exploits it by adding users to a domain group named "ESX Admins". This group does not exist by default, but once an attacker with sufficient privileges creates it, the hypervisor automatically grants full administrative privileges to every user added to it, leaving businesses exposed.
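Because the abuse described above leaves a trace in Active Directory (a group named "ESX Admins" is created, then members are added to it), the domain controllers' security audit log is a natural place to watch for it. The following detector is an added example written for this advisory; it is not code from LBT Technology Group or VMware. It assumes the site forwards Windows Security events as simple key=value lines (the sample lines below are constructed for the example; the event IDs for group creation and member addition are the standard Windows ones, and the example goes beyond the text by covering global, domain-local and universal group variants).

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Standard Windows Security event IDs for domain group lifecycle.
# Which of these a site actually collects is an assumption about its audit policy.
GROUP_CREATED = {"4727", "4731", "4754"}   # global / domain-local / universal group created
MEMBER_ADDED = {"4728", "4732", "4756"}    # member added to global / domain-local / universal group

# ESXi grants full administrative rights to members of a domain group with this name.
# Matching is done case-insensitively as a defensive choice so a variant spelling is not
# missed; this is not a claim about how ESXi itself compares the name.
WATCHED_GROUP = "esx admins"


@dataclass
class Alert:
    timestamp: str
    event_id: str
    actor: str      # account that performed the change (SubjectUserName)
    group: str      # group that was created or modified (TargetUserName)
    member: str     # member added, empty for group-creation events
    reason: str


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key=value audit line; values may be double-quoted to allow spaces."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def detect_esx_admins_abuse(lines: List[str]) -> List[Alert]:
    """Return one Alert per event that creates, or adds a member to, the 'ESX Admins' group."""
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_event(line)
        event_id = ev.get("EventID", "")
        group = ev.get("TargetUserName", "")
        if group.strip().lower() != WATCHED_GROUP:
            continue  # changes to any other group are out of scope for this rule
        actor = ev.get("SubjectUserName", "?")
        when = ev.get("Time", "?")
        if event_id in GROUP_CREATED:
            alerts.append(Alert(when, event_id, actor, group, "",
                                "domain group 'ESX Admins' was created"))
        elif event_id in MEMBER_ADDED:
            alerts.append(Alert(when, event_id, actor, group, ev.get("MemberName", "?"),
                                "member added to 'ESX Admins' (grants ESXi admin rights)"))
    return alerts


# Constructed sample log lines (hypothetical accounts and domain) for demonstration.
SAMPLE_LOG = [
    'Time=2024-07-30T01:12:03Z EventID=4727 SubjectUserName=jdoe TargetUserName="ESX Admins" TargetDomainName=CORP',
    'Time=2024-07-30T01:12:41Z EventID=4728 SubjectUserName=jdoe TargetUserName="ESX Admins" '
    'MemberName="CN=svc-backup,OU=Users,DC=corp,DC=local"',
    'Time=2024-07-30T01:15:00Z EventID=4728 SubjectUserName=hr-admin TargetUserName="HR Staff" '
    'MemberName="CN=asmith,OU=Users,DC=corp,DC=local"',
    'Time=2024-07-30T01:16:00Z EventID=4624 SubjectUserName=jdoe LogonType=3',
]

if __name__ == "__main__":
    for alert in detect_esx_admins_abuse(SAMPLE_LOG):
        print(f"[{alert.timestamp}] {alert.event_id} by {alert.actor}: {alert.reason} {alert.member}")
```

Running the block against the constructed sample produces two alerts (the group creation and the single member addition to "ESX Admins") and ignores the unrelated "HR Staff" change and the logon event. In a real deployment the rule belongs in the SIEM fed by domain-controller audit logs, and any hit should be treated as high priority, since the group should not normally exist at all.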

Why is it noteworthy?

CVE-2024-37085 has been discovered by multiple hacker groups, which are using three different methods to exploit the flaw. The three different methods are:

What is the exposure or risk?

CVE-2024-37085 affects the following products and versions:

Upon gaining access, ransomware groups can steal sensitive data, move through victims' networks, and encrypt the ESXi hypervisor's file system, leading to disruption of business operations. 

What are the recommendations?

LBT Technology Group recommends the following actions to limit the impact of CVE-2024-37085:

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions, please contact LBT's Sales Engineer.