Friday, August 16, 2024

VMSA-2024-0013 CVE-2024-37085 ESXi vulnerability workaround PowerCLI script

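The PowerCLI script below applies the VMSA-2024-0013 (CVE-2024-37085) workaround to each VMware ESXi host listed in C:\Temp\Hosts.txt. It changes three host advanced settings, removes the permission held by the domain "ESX Admins" group, and then e-mails a per-host report. These settings are a workaround rather than a patch, so where the advisory lists a fixed ESXi build for your release, plan that update as well.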


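# Connect to vCenter ('vcenter-server' is the placeholder name used throughout this script).
# -ErrorAction Stop aborts the run if the connection fails; without it every host
# below would simply be logged as a remediation failure.
Connect-VIServer vcenter-server -ErrorAction Stop

# One ESXi host name per line. Trim whitespace and drop blank lines so an empty
# entry is never passed to Get-VMHost; @() keeps a single-host file an array.
$vmHosts = @(
    Get-Content -Path 'C:\Temp\Hosts.txt' -ErrorAction Stop |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ }
)

# Report mail settings - replace with values for your environment.
$emailFrom = 'FromMail@domain.com'
$emailTo = 'ToMail@domain.com'
$smtpServer = "mail.domain.com"
# NOTE(review): port 25 is normally plain SMTP; the report carries host names and
# error text, so confirm this relay is internal or switch to an encrypted transport.
$smtpPort = 25
$emailSubject = "ESXi Vulnerability Remediation report - (CVE-2024-37085)"

# Per-host result lines, filled in by the remediation loop.
$successReport = @()
$failureReport = @()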


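# Apply the CVE-2024-37085 workaround to every host in $vmHosts.
# On an AD-joined host, members of the domain group named by esxAdminsGroup
# (default "ESX Admins") are given administrative access; the steps below stop
# that automatic grant and remove the permission if it already exists.
#
# Every cmdlet uses -ErrorAction Stop: PowerCLI errors are often non-terminating,
# and without it the catch block is skipped and the host is logged as
# "Successfully remediated" even though a setting was not applied.
Foreach ($vmHost in $vmHosts)
{
    # Tracks the step in progress so the failure report says what did not complete.
    $step = 'look up host'
    try
    {
        # Resolve the host once and reuse the object for all three settings.
        $hostObj = Get-VMHost -Name $vmHost -ErrorAction Stop

        # NOTE(review): Set-VMHostAdvancedConfiguration is deprecated in current PowerCLI
        # (it emits a warning); Get-AdvancedSetting | Set-AdvancedSetting is the
        # replacement. Kept here so the values are passed exactly as published.

        # 1. Do not automatically grant the admin role to the AD group.
        $step = 'set esxAdminsGroupAutoAdd'
        $hostObj | Set-VMHostAdvancedConfiguration Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd -Value false -Confirm:$false -ErrorAction Stop

        # 2. Change how often the host re-validates domain-derived permissions
        #    (value 90, as given in the vendor workaround).
        $step = 'set authValidateInterval'
        $hostObj | Set-VMHostAdvancedConfiguration Config.HostAgent.plugins.vimsvc.authValidateInterval -Value 90 -Confirm:$false -ErrorAction Stop

        # 3. Clear the group name so no AD group is treated as the admin group.
        $step = 'clear esxAdminsGroup'
        $hostObj | Set-VMHostAdvancedConfiguration Config.HostAgent.plugins.hostsvc.esxAdminsGroup -Value "" -Confirm:$false -ErrorAction Stop

        # 4. Remove the permission the host may already hold for the group.
        $step = 'unset ESX Admins permission'
        $esxcli = Get-Esxcli -VMHost $hostObj -V2 -ErrorAction Stop

        # Replace DOMAIN with your AD domain. The '^' stands in for the space in
        # "ESX Admins" in esxcli's notation. group = $true marks the id as a group.
        $arguments = @{
            id = 'DOMAIN\esx^admins'
            group = $true
        }

        # NOTE(review): if the host has no such permission entry this call may throw.
        # The host is then listed as failed at this step although settings 1-3 were
        # already applied - read the error text before re-running.
        $esxcli.system.permission.unset.Invoke($arguments)

        $successReport += "Successfully remediated the vulnerability on ESXi host $vmHost"
    }
    catch
    {
        # Record which step failed; hosts listed here need manual follow-up, and the
        # applied values can be checked with Get-AdvancedSetting on the host.
        $failureReport += "Failed to remediate the vulnerability on ESXi host $vmHost. Step: $step. Error: $_"
    }
}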

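# Build the per-host report. The section headings previously said "ADDITIONS"
# (apparently left over from another script); these lines are remediation results.
$combinedReport = "SUCCESSFUL REMEDIATIONS:`n" + ($successReport -join "`n") + "`n`nUNSUCCESSFUL REMEDIATIONS:`n" + ($failureReport -join "`n")

# Print first so the operator still sees the result if the mail step fails.
Write-Host $combinedReport

# NOTE(review): Send-MailMessage is marked obsolete by Microsoft and does not guarantee
# a secure connection. On port 25 the report (host names, error text) is likely sent
# in clear text; add -UseSsl if the relay supports it, or use another channel.
try
{
    Send-MailMessage -From $emailFrom -To $emailTo -Subject $emailSubject -Body $combinedReport -SmtpServer $smtpServer -Port $smtpPort -ErrorAction Stop
}
catch
{
    # A mail failure must not hide the outcome or leave the vCenter session open.
    Write-Warning "Remediation report e-mail could not be sent: $_"
}

# Always close the vCenter session opened at the start of the script.
Disconnect-VIServer vcenter-server -Confirm:$false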