CVE-2024-37085
Published Jun 25, 2024
Last updated 8 months ago
AI description
CVE-2024-37085 is an authentication bypass vulnerability affecting VMware ESXi. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management. This can be achieved by re-creating the configured AD group (named 'ESXi Admins' by default) after it has been deleted from AD. Successful exploitation allows an attacker who has already gained limited system rights on a targeted server to escalate their privileges and gain full administrative control of the ESXi hypervisor. With this level of access, an attacker can manipulate the hypervisor's settings, control the guest operating systems, and potentially encrypt the file system.
- Description
- VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
- Source
- security@vmware.com
- NVD status
- Analyzed
- Products
- cloud_foundation, esxi
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- VMware ESXi Authentication Bypass Vulnerability
- Exploit added on
- Jul 30, 2024
- Exploit action due
- Aug 20, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
31
🚨 ¡Alerta de seguridad crítica! 🚨 Se ha identificado la vulnerabilidad CVE-2024-37085, que permite omisión de autenticación en Active Directory. 🛡️ Esta brecha podría dar acceso no autorizado a recursos valiosos. ¡Es crucial actuar ahora! 🔧 🔍 Recomienda: Aplicar parches y…
@antu_tech
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-53770 (SharePoint..) +108108.75% - CVE-2023-20269 (ASA..) +58.41% - CVE-2023-20269 (FTD..) +58.41% - CVE-2024-42057 (Zyxel Firewall..) +29.73% - CVE-2024-37085 (ESXi..) +20.63%
@DefusedCyber
18 Aug 2025
20187 Impressions
30 Retweets
184 Likes
111 Bookmarks
2 Replies
1 Quote
Scattered Spider hackers are hitting VMware ESXi systems in retail, airlines, and more—using social engineering and custom rootkits. Patch CVE-2024-37085, restrict SSH access, and watch for unusual ESXi activity. Details: https://t.co/40bWOD0MEq
@RedTeamNewsBlog
27 Jul 2025
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
VMware changes default Active Directory Integration settings CVE-2024-37085, CVE-2024-37086, CVE-2024-37087 https://t.co/bUYfef9stt
@vspinmaster
7 Jun 2025
165 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
VMware changes default Active Directory Integration settings CVE-2024-37085, CVE-2024-37086, CVE-2024-37087 https://t.co/bUYfef9stt
@vspinmaster
25 Apr 2025
104 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-37085
@transilienceai
24 Nov 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#Akira #Ransomware DLS is online again. hxxps://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/ Their favorite vulnerabilities used in different breaches are: CVE-2023-27532, CVE-2024-37085 https://t.co/ep1WtMrFtF
@ShanHolo
11 Nov 2024
541 Impressions
4 Retweets
10 Likes
2 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7FA8DFE6-9C74-4711-A8AF-3B170876A1F9",
"versionEndExcluding": "5.2",
"versionStartIncluding": "4.0"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "48D2E2D5-A0B8-4AF1-BF4A-30154F754C94"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A1A402A-9262-4B97-A0B7-E5AE045E394D"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:a:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE44B379-9943-4DD1-8514-26F87482AFA8"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:b:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A797377-8945-4D75-AA68-A768855E5842"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:c:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79D84D76-54BE-49E9-905C-7D65B4B42D68"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F8767F7-7C3D-457D-9EAC-E8A30796F751"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1a:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29AF8474-2D7A-4C5A-82B9-7A873AD90C2E"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1c:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7781A2CA-D927-48CD-9932-AE42B7BA1EFE"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1d:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18FD08C9-5895-4BF4-BBE0-C2DDA5F6B836"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "360C1B71-5360-4379-B0DE-63BB8F5E6DA2"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2b:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B16ED7C1-9881-452A-8BE0-EDDEAEFE3D7B"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2c:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED92209F-FBD6-43F9-9A15-3842B139FCC9"
}
],
"operator": "OR"
}
]
}
]