Published on: 28 June 2024
Last update on: 30 July 2024
VMware has published security advisories to address multiple vulnerabilities in VMware products. The details of patches can be found at:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24371
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24372
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505
Reports indicate that the security restriction bypass vulnerability (CVE-2024-37085) in VMware ESXi and VMware Cloud Foundation is being exploited in the wild. System administrators are advised to take immediate action to patch affected systems to mitigate the elevated risk of cyber attacks.
Please note that older unsupported versions, including VMware ESXi 7.0 and VMware Cloud Foundation 4.x, are also vulnerable with no security updates provided. System administrators should arrange to upgrade the unsupported versions to supported versions or migrate to other supported technology.
For detailed information on the affected systems, please refer to the corresponding security advisory on the vendor's website.
Depending on the vulnerability exploited, successful exploitation could lead to denial of service, information disclosure, privilege escalation or security restriction bypass on the affected system.
Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate action to mitigate the risk.