杭州江阴科强工业胶带有限公司

{"id":166362,"date":"2024-07-30T21:08:27","date_gmt":"2024-07-30T21:08:27","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=166362"},"modified":"2024-07-30T21:08:29","modified_gmt":"2024-07-30T21:08:29","slug":"cisa-vmware-esxi-bug-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/166362\/security\/cisa-vmware-esxi-bug-known-exploited-vulnerabilities-catalog.html","title":{"rendered":"CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"

<\/div>\n

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a VMware ESXi bug to its Known Exploited Vulnerabilities catalog.<\/h2>\n\n\n\n
The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added<\/a> an authentication bypass VMware ESXi vulnerability, tracked as CVE-2024-37085<\/a> (CVSS score of 6.8), to its Known Exploited Vulnerabilities (KEV) catalog<\/a>.<\/p>\n\n\n\n
This week, Microsoft warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of\u00a06.8) in VMware ESXi flaw.<\/p>\n\n\n\n
\u201cMicrosoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors.\u201d warned<\/a> Microsoft.<\/em><\/p>\n\n\n\n
The flaw is an authentication bypass vulnerability in VMware ESXi.<\/p>\n\n\n\n
\u201cA malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously <\/strong>configured to use AD for user management<\/a> <\/strong>by re-creating the configured AD group (\u2018ESXi Admins\u2019 by default) after it was deleted from AD.\u201d reads the advisory<\/strong><\/a> published by the virtualization giant.<\/em><\/p>\n\n\n\n
The company released patches for security vulnerabilities affecting ESXi 8.0 and VMware Cloud Foundation 5.x. However, no patches are planned for the older versions, ESXi 7.0 and VMware Cloud Foundation 4.x. Users of the unsupported versions are recommended to upgrade to newer versions to receive security updates and support.<\/p>\n\n\n\n
Microsoft reported that multiple financially motivated groups like Storm-0506, Storm-1175, and Octo Tempest have already exploited this vulnerability to deploy ransomware.<\/p>\n\n\n\n
\u201cMicrosoft security researchers identified a new post-compromise technique utilized by ransomware operators like Storm-0506, Storm-1175,\u00a0Octo Tempest<\/a>, and\u00a0 Manatee Tempest<\/a>\u00a0in numerous attacks.\u201d continues Microsoft. \u201cIn several cases, the use of this technique has led to\u00a0 Akira<\/a>\u00a0and\u00a0 Black Basta<\/a>\u00a0ransomware deployments.\u00a0\u201c<\/em><\/gwmw><\/p>\n\n\n\n
According to\u00a0 Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities<\/a>, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.<\/gwmw><\/gwmw><\/gwmw><\/p>\n\n\n\n
Experts recommend also private organizations review the\u00a0 Catalog<\/a>\u00a0and address the vulnerabilities in their infrastructure.<\/p>\n\n\n\n
CISA orders federal agencies to fix this vulnerability by\u00a0August 20, 2024.<\/gwmw><\/gwmw><\/gwmw><\/gwmw><\/p>\n\n\n\n
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, US CISA Known Exploited Vulnerabilities catalog)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a VMware ESXi bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added an authentication bypass VMware ESXi vulnerability, tracked as CVE-2024-37085 (CVSS score of 6.8), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft warned that multiple ransomware gangs are […]<\/p>\n","protected":false},"author":1,"featured_media":106349,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5,55],"tags":[88,4112,9508,9506,10918,12584,841,1533],"class_list":["post-166362","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacking","category-security","tag-cybercrime","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-known-exploited-vulnerabilities-catalog","tag-security-affairs","tag-security-news"],"yoast_head":"\n杭州江阴科强工业胶带有限公司