⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due date: 2024-08-20.
CVE-2024-37085
Severity
7.2HIGH
EPSS
71.9%
top 1.26%
CISA KEV
KEVRansomware
Added 2024-07-30
Due 2024-08-20
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJun 25
KEV addedJul 30
KEV dueAug 20
Latest updateAug 28
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9
Affected Packages4 packages
Patches
🔴Vulnerability Details
3📋Vendor Advisories
1🕵️Threat Intelligence
3Talos▶
BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks↗2024-08-28