vmware esxi CVE-2024-37085 vulnerability in VMware Products
Published on June 25, 2024

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

Vendor Advisory NVD

Known Exploited Vulnerability

This VMware ESXi Authentication Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

The following remediation steps are recommended / required by August 20, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2024-37085 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

What is an authentification Vulnerability?

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

CVE-2024-37085 has been classified to as an authentification vulnerability or weakness.


Products Associated with CVE-2024-37085

You can be notified by stack.watch whenever vulnerabilities like CVE-2024-37085 are published in these products:

 
 

What versions are vulnerable to CVE-2024-37085?