CVE-2024-37085: VMware ESXi Authentication Bypass Vulnerability
First published: Tue Jun 25 2024(Updated: )
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
Credit: security@vmware.com security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware ESXi | ||
| VMware Cloud Foundation | >=4.0<5.2 | |
| VMware ESXi | =7.0 | |
| VMware ESXi | =8.0 | |
| VMware ESXi | =8.0-a | |
| VMware ESXi | =8.0-b | |
| VMware ESXi | =8.0-c | |
| VMware ESXi | =8.0-update_1 | |
| VMware ESXi | =8.0-update_1a | |
| VMware ESXi | =8.0-update_1c | |
| VMware ESXi | =8.0-update_1d | |
| VMware ESXi | =8.0-update_2 | |
| VMware ESXi | =8.0-update_2b | |
| VMware ESXi | =8.0-update_2c |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2024/07/30/make_me_admin_esxi_flaw/
- https://www.bleepingcomputer.com/news/security/black-basta-ransomware-switches-to-more-evasive-custom-malware/
- https://www.bleepingcomputer.com/news/security/cisa-warns-of-vmware-esxi-bug-exploited-in-ransomware-attacks/
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505;
- https://nvd.nist.gov/vuln/detail/CVE-2024-37085
Frequently Asked Questions
What is the severity of CVE-2024-37085?
CVE-2024-37085 is classified as a critical severity vulnerability due to its potential for unauthorized access.
How do I fix CVE-2024-37085?
To fix CVE-2024-37085, apply the security patch provided by VMware for the affected ESXi versions.
Who is affected by CVE-2024-37085?
CVE-2024-37085 affects VMware ESXi hosts that are configured to use Active Directory for user management.
Can CVE-2024-37085 be exploited remotely?
Yes, CVE-2024-37085 can be exploited remotely by a malicious actor with sufficient Active Directory permissions.
What impact does CVE-2024-37085 have on system security?
The impact of CVE-2024-37085 includes unauthorized full access to ESXi hosts, which can lead to data breaches and service disruptions.
- agent/first-publish-date
- agent/type
- collector/the-register
- source/The Register
- alias/CVE-2024-37085
- alias/CVE-2023-28252
- agent/title
- agent/description
- collector/bleeping-computer
- source/BleepingComputer
- agent/remedy
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/weakness
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/event
- agent/author
- agent/trending
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/nvd-cve
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/vmware
- canonical/vmware esxi
- canonical/vmware cloud foundation
- version/vmware cloud foundation/4.0
- version/vmware esxi/7.0
- version/vmware esxi/8.0
- version/vmware esxi/8.0-a
- version/vmware esxi/8.0-b
- version/vmware esxi/8.0-c
- version/vmware esxi/8.0-update_1
- version/vmware esxi/8.0-update_1a
- version/vmware esxi/8.0-update_1c
- version/vmware esxi/8.0-update_1d
- version/vmware esxi/8.0-update_2
- version/vmware esxi/8.0-update_2b
- version/vmware esxi/8.0-update_2c