VMware ESXi and vCenter Server multiple vulnerabilities - 20240626001 (…

…#826) Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com>
wagov · Jun 26, 2024 · f39c69b · f39c69b
1 parent 2d1966e
commit f39c69b
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/...visories/20240626001-VMware-ESXi-and-vCenter-Server-multiple-vulnerabilities.md b/...visories/20240626001-VMware-ESXi-and-vCenter-Server-multiple-vulnerabilities.md
@@ -0,0 +1,26 @@
+# VMware ESXi and vCenter Server multiple vulnerabilities - 20240626001
+
+## Overview
+
+The WA SOC has been made aware of multiple vulnerabilities affecting VMware ESXi and vCenter Server.  
+
+
+## What is vulnerable?
+
+| Products Affected.  | CVE                                                               | CVSSv3 | Severity     |
+| ------------------- | ----------------------------------------------------------------- | ---- | ------------ |
+| **versions before** <br> vCenter Server 7.0 <br> vCenter Server 8.0 <br> VMware Cloud Foundation 5.x <br> VMware Cloud Foundation 4.x | [CVE-2024-37085](https://nvd.nist.gov/vuln/detail/CVE-2024-37085)<br>[CVE-2024-37086](https://nvd.nist.gov/vuln/detail/CVE-2024-37086)<br>[CVE-2024-37087](https://nvd.nist.gov/vuln/detail/CVE-2024-37087) | 5.3 - 6.8  | **Medium** |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- <https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505>
+
+## Additional References
+
+- <https://www.zerodayinitiative.com/advisories/ZDI-24-882/>