NCERT Issues Warning on VMware ESXi Security Flaws

The National Computer Emergency Response Team (NCERT) has issued a warning regarding critical vulnerabilities identified in VMware ESXi hypervisors, a key piece of enterprise software.

The advisory highlights multiple security flaws, including CVE-2024-55591, CVE-2024-55592, CVE-2024-55593, and CVE-2024-55594, which pose significant risks to organizations that use ESXi to run virtual machines. These vulnerabilities enable attackers to execute remote code, escalate privileges, and compromise virtual environments, particularly when management interfaces are exposed to the internet or lack robust security measures.

Risk Involved

Exploiting these vulnerabilities allows attackers to gain full control of the system, manipulate critical configurations, and access sensitive information stored within affected virtual machines. Security researchers have already observed active exploitation attempts, underscoring the urgency for organizations to implement remediation measures.

The vulnerabilities arise from improper input validation, memory corruption, and authentication bypass flaws in specific VMware ESXi versions. CVE-2024-55591 allows remote code execution through improper input validation, while CVE-2024-55592 enables privilege escalation by exploiting weak access controls. CVE-2024-55593 permits unauthorized access through authentication bypass mechanisms, and CVE-2024-55594 can lead to denial-of-service (DoS) attacks, disrupting critical operations. Misconfigurations, outdated software, and weak access controls further increase the risks associated with these vulnerabilities.

Preventive Measures

Organizations not enforcing Multi-Factor Authentication (MFA) for administrative access or running outdated ESXi versions remain at heightened risk of exploitation. Security experts stress the need for organizations to secure their virtualized environments against potential attacks.

NCERT has recommended several mitigation strategies to address the vulnerabilities. Organizations should immediately restrict management interface access by disabling internet-facing ESXi management interfaces, implementing strict firewall rules, and using VPNs or jump hosts for secure administrative access. Strong authentication measures, including MFA and role-based access control (RBAC), should be enforced to prevent unauthorized access. Continuous monitoring of system logs for anomalies and deployment of endpoint detection and response (EDR) tools can help identify and mitigate threats in real time. Patching and updating VMware ESXi software is also crucial: organizations are advised to apply all security patches released by VMware and to verify configurations against recommended security best practices.
