From fe3586b464c56407fec7bcb45b6df87500b2fb15 Mon Sep 17 00:00:00 2001 From: JadonWill <117053393+JadonWill@users.noreply.github.com> Date: Wed, 31 Jul 2024 10:26:08 +0800 Subject: [PATCH] 20240730001 (#914) * 20240730001 * Format markdown docs --------- Co-authored-by: JadonWill --- .../20240731001-VMWare-ESXi-Exploitation.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 docs/advisories/20240731001-VMWare-ESXi-Exploitation.md diff --git a/docs/advisories/20240731001-VMWare-ESXi-Exploitation.md b/docs/advisories/20240731001-VMWare-ESXi-Exploitation.md new file mode 100644 index 00000000..82f66ec0 --- /dev/null +++ b/docs/advisories/20240731001-VMWare-ESXi-Exploitation.md @@ -0,0 +1,23 @@ +# VMWare ESXi Active Exploitation Campaigns - 20240730001 + +## Overview + +Since the publication of [Advisory 20240626001](https://soc.cyber.wa.gov.au//advisories/20240626001-VMware-ESXi-and-vCenter-Server-multiple-vulnerabilities/), CISA has added the VMWare ESXi vulnerability to their Known Exploited Vulnerability catalog. + +## What is vulnerable? + +| Product(s) Affected | CVE | CVSSv3 | Severity | +| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -------------------------------------------- | +| VMware ESXi
- 8.0 before build ESXi80U3-24022510
- 7.0 before build ESXi70U3sq-23794019

VMware Cloud Foundation
- 5.x before 5.2
- 4.x before Async patch to ESXi 7.0 U3q | [CVE-2024-37085](https://nvd.nist.gov/vuln/detail/CVE-2024-37085)
[CVE-2024-37086](https://nvd.nist.gov/vuln/detail/CVE-2024-37086)
[CVE-2024-37087](https://nvd.nist.gov/vuln/detail/CVE-2024-37087) | 6.8
6.8
5.3 | **Medium**
**Medium**
**Medium** | + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): + +- Broadcom advisory: + +## Additional References + +- CISA article: +- SecurityAffairs article: +- ZeroDayInitiative article:
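Review bot: The advisory ID in the H1 title (`20240730001`) does not match the ID in the new file's name (`20240731001-VMWare-ESXi-Exploitation.md`), and the commit subject also uses `20240730001`; pick one ID and use it in both places so that the filename and the published title refer to the same advisory. In the Overview, "the VMWare ESXi vulnerability" does not say which of the three CVEs listed in the table was added to the Known Exploited Vulnerability catalog. Name the CVE there, since all three rows are rated Medium and the 48-hour timeframe in the Recommendation rests on the exploitation status rather than on the CVSS score. The link to Advisory 20240626001 has a double slash after the host (`soc.cyber.wa.gov.au//advisories/`), and as shown the "Broadcom advisory:" bullet and the three bullets under Additional References carry no URL. Minor: the title spells the vendor "VMWare" while the table uses "VMware", and the italic `*48 hours...*` ends in a stray ellipsis.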