VMware has released security updates addressing a medium-severity vulnerability (CVE-2024-37085) in its ESXi hypervisor product. This vulnerability is reportedly being actively exploited.
Successful exploitation of the vulnerability could allow attackers who have gained limited access rights to escalate privileges and obtain full administrative privileges, potentially resulting in data exfiltration and encryption.
This vulnerability affects VMware ESXi versions up to and including ESXi 8.0 U2c.
Users and administrators of product versions ESXi 8.0 and above are advised to update to the latest version immediately.
For versions below ESXi 8.0, no patches will be supplied by the vendor. Users are advised to remediate the vulnerability by changing the following ESXi advanced options:
- Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd from true to false
- Config.HostAgent.plugins.vimsvc.authValidateInterval from 1440 to 90
- Config.HostAgent.plugins.hostsvc.esxAdminsGroup from "ESX Admins" to ""
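The following PowerCLI audit is an added example, not vendor-supplied code: it reads the three advanced options above on every host and reports any that still differ from the recommended values. It assumes VMware PowerCLI is installed and a Connect-VIServer session is already open; the function name Test-EsxAdminsWorkaround is hypothetical.

```powershell
# Added example: read-only audit, nothing is changed on the hosts.
# Assumes VMware PowerCLI is installed and Connect-VIServer has already been run.

# Target values for the three advanced options listed in the advisory,
# stored as lower-case strings so booleans and integers compare uniformly.
$Expected = [ordered]@{
    'Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd' = 'false'
    'Config.HostAgent.plugins.vimsvc.authValidateInterval'   = '90'
    'Config.HostAgent.plugins.hostsvc.esxAdminsGroup'        = ''
}

function Test-EsxAdminsWorkaround {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $VMHost
    )
    process {
        foreach ($name in $Expected.Keys) {
            $setting = Get-AdvancedSetting -Entity $VMHost -Name $name -ErrorAction SilentlyContinue

            if ($null -eq $setting) {
                # Option not returned by the host: flag it for manual review.
                $current   = '<not found>'
                $compliant = $false
            }
            else {
                # Normalise the value ($false -> 'false', 90 -> '90') before comparing.
                $current   = "$($setting.Value)".Trim()
                $compliant = ($current.ToLowerInvariant() -eq $Expected[$name])
            }

            [pscustomobject]@{
                Host      = $VMHost.Name
                Version   = $VMHost.Version
                Setting   = $name
                Current   = $current
                Expected  = $Expected[$name]
                Compliant = $compliant
            }
        }
    }
}

# List every host/option pair that still needs the workaround applied.
Get-VMHost | Test-EsxAdminsWorkaround |
    Where-Object { -not $_.Compliant } |
    Sort-Object Host, Setting |
    Format-Table -AutoSize
```

An empty result means every connected host already carries all three recommended values.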
More information is available here: