CVE-2024-37085

Warning

EPSS 65.24%
Published 25.06.2024 15:15:12
Last modified 20.12.2024 16:52:43
Source security@vmware.com
Teams watchlist Login
Open Login

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously  configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html  by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

Affected products Warnungen 2 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Cloud Foundation Version >= 4.0 < 5.2

VMware ≫ ESXi Version7.0

VMware ≫ ESXi Version8.0 Update-

VMware ≫ ESXi Version8.0 Updatea

VMware ≫ ESXi Version8.0 Updateb

VMware ≫ ESXi Version8.0 Updatec

VMware ≫ ESXi Version8.0 Updateupdate_1

VMware ≫ ESXi Version8.0 Updateupdate_1a

VMware ≫ ESXi Version8.0 Updateupdate_1c

VMware ≫ ESXi Version8.0 Updateupdate_1d

VMware ≫ ESXi Version8.0 Updateupdate_2

VMware ≫ ESXi Version8.0 Updateupdate_2b

VMware ≫ ESXi Version8.0 Updateupdate_2c

30.07.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

VMware ESXi Authentication Bypass Vulnerability

Vulnerability

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

30.07.2024: CERT.at Warnung

https://www.cert.at/de/warnungen/2024/7/kritische-sicherheitslucke-in-vmware-esxi-aktiv-ausgenutzt-update-verfugbar

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	65.24%	0.984

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security@vmware.com	6.8	0.9	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-305 Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-37085

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-37085

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37085

EUVD