CVE-2024-37085

June 25, 2024, 6:50 p.m.

6.8
Medium

Description

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

Product(s) Impacted

Product Versions
VMware ESXi
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505

Tags

security@vmware.com
2024-06-25
CVE-2024-37085

CVSS Score

6.8 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: June 25, 2024, 3:15 p.m.
Last Modified: June 25, 2024, 6:50 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@vmware.com

Relations

Here is the list of observables linked to the vulnerability CVE-2024-37085 using threat intelligence.

  • Akira
  • Megazord
  • Akira

Linked Attack Reports

Akira ransomware continues to evolve

Akira ransomware has established itself as a prominent threat, constantly evolving its tactics. Initially employing double-extortion, it shifted focus to data exfiltration in early 2024. The group developed a Rust variant of their ESXi encryptor, moving away from C++. Recently, Akira has returned t…
linux
ransomware
windows
rust
CVE-2024-37085
vulnerability exploitation
akira
CVE-2023-27532
esxi
CVE-2024-40766
CVE-2023-48788
double-extortion
CVE-2024-40711
CVE-2023-20269
2024-10-22
CVE-2020-3259
CVE-2023-20263
chacha8
megazord
Published: October 22, 2024
Linked vulnerabilities : CVE-2024-37085 (CVSS 6.8), CVE-2024-40766 (CVSS 9.8), CVE-2024-40711 (CVSS 9.8), CVE-2023-27532, CVE-2023-20269, CVE-2020-3259, CVE-2023-48788, CVE-2023-20263
Downloadable IOCs: 37

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.