CVE-2024-37085
Published Jun 25, 2024
Last updated 5 months ago
- Description: VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management (https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html) by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
- Source: security@vmware.com
- NVD status: Analyzed
- Products: cloud_foundation, esxi
CVSS 3.1
- Type: Primary
- Base score: 7.2
- Impact score: 5.9
- Exploitability score: 1.2
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: VMware ESXi Authentication Bypass Vulnerability
- Exploit added on: Jul 30, 2024
- Exploit action due: Aug 20, 2024
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
🚨 Critical security alert! 🚨 The vulnerability CVE-2024-37085 has been identified, which allows authentication bypass in Active Directory. 🛡️ This flaw could give unauthorized access to valuable resources. It is crucial to act now! 🔧 🔍 Recommendation: Apply patches and…
@SpaceDFan
☁️ VIRTUAL NIGHTMARE: ESXi UNDER SIEGE. 📌 Ransomware gangs are deploying a new, specialized exploitation toolkit targeting VMware ESXi servers. ‼️ The Capability: It allows attackers to bypass authentication (often exploiting CVE-2024-37085) and instantly gain Full A
@TTheBattlefield
8 Jan 2026
Hypervisors were “untouchable” until CVE-2024-37085: create “ESX Admins,” own ESXi. UNC3944 dials IT; Black Basta turns off the lights. Patch, segment, keep backups holy. 🔧😈 Skim the playbook and subscribe -> https://t.co/wrEXN3EXpn #AlphaHunt #CyberSecurity #R
@alphahunt_io
15 Oct 2025
Hypervisor ransomware learned a new trick: CVE-2024-37085 + AD abuse = ESXi pancake. Patch late, encrypt early. 🔥🔒 We map the kill chain and stop the blast radius before your VMs flatline. Get the playbook—then subscribe for the next hit. https://t.co/wrEXN3EXpn #Alpha
@alphahunt_io
30 Sept 2025
CVE-2024-37085 + AD abuse = hypervisor chaos. VMware ESXi under siege—patch, segment, survive. 🔥🔒 Read: https://t.co/wrEXN3EXpn Want fast, actionable threat calls? Subscribe. https://t.co/wrEXN3EXpn #AlphaHunt #CyberSecurity #VMware
@alphahunt_io
24 Sept 2025
Ransomware crews turned CVE-2024-37085 into an ESXi kill switch. Add AD misconfigs + Babuk-leak code = entire farms locked overnight. Hope your “immutable” backups aren’t imaginary. 🕷️💀 Read the breakdown & subscribe/ https://t.co/wrEXN3EXpn #AlphaHunt #CyberS
@alphahunt_io
11 Sept 2025
Scattered Spider phishes help desks, rides CVE-2024-37085 + AD group abuse to ESXi root; Babuk-leak lockers do the cleanup. Patch now, lock AD, test restores—before your farm pays rent in crypto. 🕷️🔒 Read the breakdown & subscribe https://t.co/wrEXN3EXpn #AlphaHu
@alphahunt_io
5 Sept 2025
Scattered Spider is back in your vSphere: help-desk phish + CVE-2024-37085 AD group trick → root on ESXi; Babuk-built lockers finish the job. FBI/CISA just updated guidance. Patch, lock AD, test restores. Read more / subscribe https://t.co/wrEXN3EXpn #AlphaHunt #CyberSecurit
@alphahunt_io
22 Aug 2025
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-53770 (SharePoint..) +108108.75% - CVE-2023-20269 (ASA..) +58.41% - CVE-2023-20269 (FTD..) +58.41% - CVE-2024-42057 (Zyxel Firewall..) +29.73% - CVE-2024-37085 (ESXi..) +20.63%
@DefusedCyber
18 Aug 2025
Scattered Spider hackers are hitting VMware ESXi systems in retail, airlines, and more—using social engineering and custom rootkits. Patch CVE-2024-37085, restrict SSH access, and watch for unusual ESXi activity. Details: https://t.co/40bWOD0MEq
@RedTeamNewsBlog
27 Jul 2025
VMware changes default Active Directory Integration settings CVE-2024-37085, CVE-2024-37086, CVE-2024-37087 https://t.co/bUYfef9stt
@vspinmaster
7 Jun 2025
VMware changes default Active Directory Integration settings CVE-2024-37085, CVE-2024-37086, CVE-2024-37087 https://t.co/bUYfef9stt
@vspinmaster
25 Apr 2025
Actively exploited CVE : CVE-2024-37085
@transilienceai
24 Nov 2024
#Akira #Ransomware DLS is online again. hxxps://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/ Their favorite vulnerabilities used in different breaches are: CVE-2023-27532, CVE-2024-37085 https://t.co/ep1WtMrFtF
@ShanHolo
11 Nov 2024
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "7FA8DFE6-9C74-4711-A8AF-3B170876A1F9",
            "versionEndExcluding": "5.2",
            "versionStartIncluding": "4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:7.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "48D2E2D5-A0B8-4AF1-BF4A-30154F754C94",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*",
            "matchCriteriaId": "7A1A402A-9262-4B97-A0B7-E5AE045E394D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:8.0:a:*:*:*:*:*:*",
            "matchCriteriaId": "FE44B379-9943-4DD1-8514-26F87482AFA8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:8.0:b:*:*:*:*:*:*",
            "matchCriteriaId": "2A797377-8945-4D75-AA68-A768855E5842",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:8.0:c:*:*:*:*:*:*",
            "matchCriteriaId": "79D84D76-54BE-49E9-905C-7D65B4B42D68",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1:*:*:*:*:*:*",
            "matchCriteriaId": "2F8767F7-7C3D-457D-9EAC-E8A30796F751",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1a:*:*:*:*:*:*",
            "matchCriteriaId": "29AF8474-2D7A-4C5A-82B9-7A873AD90C2E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1c:*:*:*:*:*:*",
            "matchCriteriaId": "7781A2CA-D927-48CD-9932-AE42B7BA1EFE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1d:*:*:*:*:*:*",
            "matchCriteriaId": "18FD08C9-5895-4BF4-BBE0-C2DDA5F6B836",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2:*:*:*:*:*:*",
            "matchCriteriaId": "360C1B71-5360-4379-B0DE-63BB8F5E6DA2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2b:*:*:*:*:*:*",
            "matchCriteriaId": "B16ED7C1-9881-452A-8BE0-EDDEAEFE3D7B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2c:*:*:*:*:*:*",
            "matchCriteriaId": "ED92209F-FBD6-43F9-9A15-3842B139FCC9",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]