CVE-2024-37085: VMware ESXi Authentication Bypass Vulnerability. VMware
VMware ESXi Authentication Bypass Vulnerability. VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
- CISA KEV-listed (remediation due 2024-08-20)
- used in ransomware campaigns
- EPSS 80.3% (99.1% percentile)
Detection rules
- Potential Exploitation of CVE-2024-37085 - Suspicious Creation Of ESX Admins Group high
- Potential Exploitation of CVE-2024-37085 - Suspicious ESX Admins Group Activity high