CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Aug 20, 2024

CVE-2024-37085

High

EPSS 72.5%CISA KEVRansomware

Description

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

EPSS — Exploit Probability

72.5%

Higher than 98.7% of all CVEs

Required Action

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505; https://nvd.nist.gov/vuln/detail/CVE-2024-37085

Risk Assessment

CRITICAL

In CISA KEV

High EPSS

Ransomware

Details

Severity: High
EPSS: 72.5%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Jul 30, 2024

Added to KEV

Jul 30, 2024

Remediation Due

Aug 20, 2024

Affected Product

VMware

ESXi

View all VMware CVEs

External Links

NVD (NIST)CVE Details MITRE CVE