CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:cloud_foundation::::::::
	cpe:2.3:o:vmware:esxi:7.0:::::::*
	cpe:2.3:o:vmware:esxi:8.0:-::::::
	cpe:2.3:o:vmware:esxi:8.0:a::::::
	cpe:2.3:o:vmware:esxi:8.0:b::::::
	cpe:2.3:o:vmware:esxi:8.0:c::::::
	cpe:2.3:o:vmware:esxi:8.0:update_1::::::
	cpe:2.3:o:vmware:esxi:8.0:update_1a::::::
	cpe:2.3:o:vmware:esxi:8.0:update_1c::::::
	cpe:2.3:o:vmware:esxi:8.0:update_1d::::::
	cpe:2.3:o:vmware:esxi:8.0:update_2::::::
	cpe:2.3:o:vmware:esxi:8.0:update_2b::::::
	cpe:2.3:o:vmware:esxi:8.0:update_2c::::::

History

08 Aug 2024, 14:48

Type	Values Removed	Values Added
CWE	~~NVD-CWE-Other~~	CWE-287

01 Aug 2024, 13:53

Type	Values Removed	Values Added
CWE		CWE-305

31 Jul 2024, 14:46

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
References	~~() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505 -~~	() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505 - Patch, Vendor Advisory
First Time		Vmware cloud Foundation Vmware Vmware esxi
CPE		cpe:2.3:o:vmware:esxi:8.0:update_1c:::::: cpe:2.3:o:vmware:esxi:8.0:update_2:::::: cpe:2.3:o:vmware:esxi:8.0:update_2b:::::: cpe:2.3:o:vmware:esxi:7.0:::::::* cpe:2.3:o:vmware:esxi:8.0:update_1:::::: cpe:2.3:o:vmware:esxi:8.0:-:::::: cpe:2.3:a:vmware:cloud_foundation:::::::: cpe:2.3:o:vmware:esxi:8.0:update_1d:::::: cpe:2.3:o:vmware:esxi:8.0:update_1a:::::: cpe:2.3:o:vmware:esxi:8.0:b:::::: cpe:2.3:o:vmware:esxi:8.0:update_2c:::::: cpe:2.3:o:vmware:esxi:8.0:c:::::: cpe:2.3:o:vmware:esxi:8.0:a::::::
CVSS	v2 : ~~unknown~~ v3 : ~~6.8~~	v2 : unknown v3 : 7.2

31 Jul 2024, 01:00

Type	Values Removed	Values Added
Summary		(es) VMware ESXi contiene una vulnerabilidad de omisión de autenticación. Un actor malicioso con suficientes permisos de Active Directory (AD) puede obtener acceso completo a un host ESXi que se configuró previamente para usar AD para la administración de usuarios https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts -to-active-directory.html recreando el grupo de AD configurado ('Administradores de ESXi' de forma predeterminada) después de eliminarlo de AD.

25 Jun 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-25 15:15

Updated : 2024-08-08 14:48

NVD link : CVE-2024-37085

Mitre link : CVE-2024-37085

CVE.ORG link : CVE-2024-37085

JSON object : View

Products Affected

vmware

esxi
cloud_foundation

CWE

CWE-287

Improper Authentication

CWE-305

Authentication Bypass by Primary Weakness

7.2 /10