VMSA-2024-0013 - CVE-2024-37085 - VMware ESXi vulnerability remediation PowerCLI script
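# Applies the ESXi advanced-setting workaround for CVE-2024-37085 (VMSA-2024-0013)
# to every host listed in the host file, removes the 'esx^admins' group
# permission on each host, and mails/prints a per-host report.
#
# Every PowerCLI call inside the try block uses -ErrorAction Stop. PowerCLI
# cmdlets raise non-terminating errors by default, which a try/catch does not
# see, so without it a host whose settings were NOT changed would still be
# reported as remediated.
Connect-VIServer vcenter-server

$hostListPath = 'C:\Temp\Hosts.txt'
# Trim each line and drop blank ones so a trailing newline in the file does not
# turn into a lookup for an empty host name.
$vmHosts = @(Get-Content -Path $hostListPath | ForEach-Object { $_.Trim() } | Where-Object { $_ })

$emailFrom = 'FromMail@domain.com'
$emailTo = 'ToMail@domain.com'
$smtpServer = "mail.domain.com"
$smtpPort = 25
$emailSubject = "ESXi Vulnerability Remediation report - (CVE-2024-37085)"
$successReport = @()
$failureReport = @()

if ($vmHosts.Count -eq 0)
{
    # An empty report would read as "nothing failed"; make the gap explicit.
    $failureReport += "No ESXi hosts were read from $hostListPath; nothing was remediated."
}

# Advanced settings changed on each host, in the order they are applied.
$hardening = @(
    @{ Name = 'Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd'; Value = 'false' },
    @{ Name = 'Config.HostAgent.plugins.vimsvc.authValidateInterval'; Value = 90 },
    @{ Name = 'Config.HostAgent.plugins.hostsvc.esxAdminsGroup'; Value = "" }
)

Foreach ($vmHost in $vmHosts)
{
    try
    {
        # Resolve the host once; an unknown name now lands in the catch block.
        $hostObject = Get-VMHost -Name $vmHost -ErrorAction Stop

        Foreach ($setting in $hardening)
        {
            $hostObject | Set-VMHostAdvancedConfiguration -Name $setting.Name -Value $setting.Value -Confirm:$false -ErrorAction Stop
        }

        # Get the esxcli object
        $esxcli = Get-EsxCli -VMHost $hostObject -V2 -ErrorAction Stop

        # Prepare the arguments for the unset permission command
        $arguments = @{
            # Replace DOMAIN with your Active Directory domain before running;
            # with the placeholder left in place this step does not match a
            # real group.
            id    = 'DOMAIN\esx^admins'
            group = $true
        }

        # Run the command. If this call throws, the host is listed under
        # failures even though the three advanced settings above were already
        # applied; the error text in the report shows which step failed.
        $esxcli.system.permission.unset.Invoke($arguments)

        $successReport += "Successfully remediated the vulnerability on ESXi host $vmHost"
    }
    catch
    {
        $failureReport += "Failed to remediate the vulnerability on ESXi host $vmHost. Error: $_"
    }
}

# The section labels name remediations (they previously read "ADDITIONS",
# which does not describe what this script does).
$combinedReport = "SUCCESSFUL REMEDIATIONS:`n" + ($successReport -join "`n") + "`n`nUNSUCCESSFUL REMEDIATIONS:`n" + ($failureReport -join "`n")

# NOTE(review): the report (host names and raw error text) is sent over SMTP
# port 25 without -UseSsl, i.e. unencrypted. Use a TLS-capable relay and add
# -UseSsl if the report must not cross the network in cleartext.
Send-MailMessage -From $emailFrom -To $emailTo -Subject $emailSubject -Body $combinedReport -SmtpServer $smtpServer -Port $smtpPort
Write-Host $combinedReport
Disconnect-VIServer vcenter-server -Confirm:$false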