VMware ESXi/Cloud Foundation Active Directory improper authentication
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in VMware ESXi and Cloud Foundation. It has been classified as critical. This affects an unknown part of the component Active Directory. The manipulation leads to improper authentication. This vulnerability is referenced as CVE-2024-37085. Remote exploitation of the attack is possible. Furthermore, an exploit is available. Applying a patch is the recommended action to fix this issue.
Details
A vulnerability was found in VMware ESXi and Cloud Foundation (unknown version) and classified as critical. This issue affects an unknown code block of the component Active Directory. The manipulation with an unknown input leads to a improper authentication vulnerability. Using CWE to declare the problem leads to CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
The advisory is shared at support.broadcom.com. The identification of this vulnerability is CVE-2024-37085 since 06/03/2024. The exploitation is known to be easy. The attack may be initiated remotely. The exploitation requires an enhanced level of successful authentication. Technical details are unknown but a public exploit is available.
The exploit is available at microsoft.com. It is declared as attacked. The CISA Known Exploited Vulnerabilities Catalog lists this issue since 07/30/2024 with a due date of 08/20/2024:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.Applying a patch is able to eliminate this problem.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.vmware.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.1VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.2
VulDB Temp Score: 6.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.2
NVD Vector: 🔍
CNA Base Score: 6.8
CNA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Improper authenticationCWE: CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Attacked
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
KEV Added: 🔍
KEV Due: 🔍
KEV Remediation: 🔍
KEV Ransomware: 🔍
KEV Notice: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Timeline
06/03/2024 🔍06/25/2024 🔍
06/25/2024 🔍
09/09/2024 🔍
Sources
Vendor: vmware.comAdvisory: support.broadcom.com
Status: Confirmed
CVE: CVE-2024-37085 (🔍)
GCVE (CVE): GCVE-0-2024-37085
GCVE (VulDB): GCVE-100-269645
scip Labs: https://www.scip.ch/en/?labs.20060413
Entry
Created: 06/25/2024 17:17Updated: 09/09/2024 22:30
Changes: 06/25/2024 17:17 (62), 07/30/2024 10:09 (6), 07/30/2024 19:35 (9), 07/31/2024 03:57 (1), 07/31/2024 19:55 (11), 09/09/2024 22:30 (2)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.