CVE-2024-37085VMware ESXi Authentication Bypass Vulnerability

PUBLISHEDvulnerability record
2024-07-30 · last modified June 21, 2025

Metadata

CVE ID:
CVE-2024-37085
项目:
VMware
产品:
ESXi
添加日期:
2024-07-30
到期日:
2024-08-20
最后更新:
June 21, 2025

漏洞名称

VMware ESXi Authentication Bypass Vulnerability

描述

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

已知用于勒索软件活动吗?

勒索软件状态:
KNOWN

采集行动

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

其他说明

相关新闻文章

相关 CWE