What is it?

Broadcom VMware is popular server virtualization software that allows more than one virtual server to run on a single physical server. Different virtual servers may run different operating systems.

VMware (ESXi and vCenter Server) has flaws that allow one user to gain access to all other users by recreating a deleted admin group (CVE-2024-37085) or to create a denial of service condition (CVE-2024-37086, CVE-2024-37087).

Why is it a risk?

An attacker may exploit this vulnerability to perform actions as another user on either the virtual server or the host/physical server, potentially holding the server for ransom.

The Security Daily Review link below explains in more detail how this vulnerability is being used to hold servers for ransom.

Broadcom has assigned a severity of Moderate to this vulnerability.

How can you mitigate the risk?

The Broadcom Support link below shows a Response Matrix (section 3a). Find your specific product row in the table and apply the updates listed in the “Fixed Version” column.

Resources:

Security Daily Review: Microsoft warns of active exploitation of CVE-2024-37085 flaw
https://cybersecuritynews.com/vmware-esxi-and-workstation-vulnerabilities/

Broadcom Support Portal: CVE-2024-37085
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505
