VMware ESXi Hack Alert! | Cyfix.org
CVE-2024-37085 is an authentication bypass vulnerability in VMware ESXi. This vulnerability allows a malicious actor with sufficient Active Directory (AD) permissions to gain full access to an ESXi host configured to use AD for user management. The attacker can achieve this by recreating the configured AD group (‘ESXi Admins’ by default) after it was deleted from AD.
Details:
Impact: An attacker can gain unauthorized administrative access to the ESXi host, potentially compromising the virtual machines and data hosted on the ESXi server.
Exploitability: The vulnerability can be exploited by an attacker with sufficient AD permissions, making it a significant risk in environments where AD is used for managing ESXi hosts.
Severity: It has been assigned a CVSS v3.0 score of 6.8, indicating medium severity, but its potential impact on ESXi environments is high.
Mitigation:
Patching: VMware has released patches to address this vulnerability. Administrators are strongly advised to apply these patches immediately to mitigate the risk.
Additional Measures: Network segmentation, robust monitoring, and regular security audits can help in reducing the risk and detecting unauthorized access attempts.
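The monitoring measure above can be made specific to this CVE. As an added example (not code from VMware or from the original page), the Python below scans exported Windows Security events for deletion, re-creation and membership growth of the ESXi admin group. The flat JSON-lines layout, the sample events and the "ESX Admins" name variant are assumptions.

```python
import json

# Names to watch, lower-cased. "ESXi Admins" is the name this page gives;
# "ESX Admins" is an added variant (assumption). Use the group your hosts trust.
WATCHED = {"esxi admins", "esx admins"}

# Windows Security event IDs for security-enabled global/local/universal groups.
ACTIONS = {}
ACTIONS.update(dict.fromkeys((4730, 4734, 4758), "group_deleted"))
ACTIONS.update(dict.fromkeys((4727, 4731, 4754), "group_created"))
ACTIONS.update(dict.fromkeys((4728, 4732, 4756), "member_added"))

def find_alerts(lines, watched=WATCHED):
    """Flag deletion, (re)creation and membership growth of a watched AD group."""
    alerts, deleted = [], set()
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        action = ACTIONS.get(int(ev["EventID"]))
        group = ev.get("TargetUserName", "").strip().lower()
        if action is None or group not in watched:
            continue
        if action == "group_deleted":
            deleted.add(group)
        elif action == "group_created" and group in deleted:
            # The sequence the advisory describes: the name the hosts trust
            # reappears in AD as a new object after the original was removed.
            action = "group_recreated_after_delete"
        alerts.append({"time": ev.get("TimeCreated"), "action": action,
                       "group": ev["TargetUserName"],
                       "actor": ev.get("SubjectUserName"),
                       "member": ev.get("MemberName")})
    return alerts

# Constructed sample events (not real logs), oldest first.
SAMPLE = """
{"EventID": 4730, "TimeCreated": "2024-07-30T09:02:11Z", "SubjectUserName": "adm-jlee", "TargetUserName": "ESXi Admins"}
{"EventID": 4727, "TimeCreated": "2024-07-31T11:40:00Z", "SubjectUserName": "adm-jlee", "TargetUserName": "Print Operators East"}
{"EventID": 4727, "TimeCreated": "2024-08-01T02:14:07Z", "SubjectUserName": "svc-helpdesk", "TargetUserName": "ESXi Admins"}
{"EventID": 4728, "TimeCreated": "2024-08-01T02:14:31Z", "SubjectUserName": "svc-helpdesk", "TargetUserName": "ESXi Admins", "MemberName": "CN=svc-helpdesk,OU=Service,DC=example,DC=test"}
{"EventID": 4624, "TimeCreated": "2024-08-01T02:15:02Z", "TargetUserName": "ESXi Admins"}
"""

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE.splitlines()):
        print(alert)
```

Events must be fed oldest first for the delete-then-create correlation to work; a creation with no earlier deletion in the input is still reported as group_created.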
For more detailed information, refer to the official advisories and security updates from VMware and other cybersecurity sources (National Vulnerability Database, Cyber Security News, Rapid7, Tenable).