CVE-2024-37085

MEDIUM KEV RANSOMWARE

Vmware Esxi < 5.2 - Authentication Bypass

Title source: rule

Description

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

Exploits (4)

nomisec SCANNER 2 stars

by mahmutaymahmutay · poc

https://github.com/mahmutaymahmutay/CVE-2024-37085

View Code ZIP pw:eip

nomisec SUSPICIOUS

by WTN-arny · poc

https://github.com/WTN-arny/CVE-2024-37085

View Code ZIP pw:eip

nomisec SUSPICIOUS

by WTN-arny · poc

https://github.com/WTN-arny/Vmware-ESXI

View Code ZIP pw:eip

inthewild

poc

https://github.com/florian-hoth/cve-2024-37085-rce-poc

View on inthewild

References (2)

[Patch, Vendor Advisory] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-37085

Scores

CVSS v3 6.8

EPSS 0.7247

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2024-07-30

VulnCheck KEV 2024-04-23

InTheWild.io 2024-07-30

ENISA EUVD EUVD-2024-36416

Ransomware Use Confirmed

Classification

CWE

CWE-305 CWE-287

Status published

Affected Products (13)

vmware/cloud_foundation < 5.2

vmware/esxi

vmware/esxi

vmware/esxi

vmware/esxi

vmware/esxi

vmware/esxi

vmware/esxi

vmware/esxi

vmware/esxi

vmware/esxi

vmware/esxi

vmware/esxi

Timeline

Published Jun 25, 2024

KEV Added Jul 30, 2024

Tracked Since Feb 18, 2026