
The U.S. CISA added an authentication bypass VMware ESXi vulnerability, tracked as CVE-2024-37085 with a CVSS score of 6.8, to its Known Exploited Vulnerabilities (KEV) catalog.
The flaw is an authentication bypass vulnerability in VMware ESXi, and it is being exploited by multiple ransomware gangs.
According to the vendor advisory, a malicious actor with sufficient Active Directory permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group after it was deleted from AD.
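The delete-then-recreate pattern described above leaves a trace in domain controller Security logs, so one defender-side check is to correlate group deletion (Event ID 4730) with a subsequent creation (4727) of the same name and to attach any membership additions (4728) for triage. The following is an added example, not code from the advisory or from VMware; the sample events are constructed with a simplified field layout, and the group name "ESX Admins" (ESXi's default admin group) stands in for whatever value is configured on the hosts being protected.

```python
import json

# Group name ESXi grants admin rights to; "ESX Admins" is the default, but the
# value configured on the protected hosts is an assumption here.
ESX_ADMIN_GROUP = "ESX Admins"

# Constructed sample Security events (simplified fields, not real logs):
# 4730 = security-enabled global group deleted, 4727 = created, 4728 = member added.
SAMPLE_EVENTS = [
    {"ts": "2024-07-29T09:12:03Z", "id": 4730, "group": "ESX Admins", "actor": "CORP\\svc-backup"},
    {"ts": "2024-07-29T09:12:41Z", "id": 4727, "group": "ESX Admins", "actor": "CORP\\svc-backup"},
    {"ts": "2024-07-29T09:13:05Z", "id": 4728, "group": "ESX Admins", "actor": "CORP\\svc-backup",
     "member": "CORP\\jdoe"},
    {"ts": "2024-07-29T10:00:00Z", "id": 4727, "group": "Finance-Readers", "actor": "CORP\\helpdesk"},
]


def detect_esx_admins_recreation(events, admin_group=ESX_ADMIN_GROUP):
    """Return alerts for creation of the ESXi admin group in AD.

    A 4727 for the admin group is suspicious on its own (medium); one that
    follows a 4730 deleting the same name matches the delete-then-recreate
    pattern from the advisory and is rated high. Later 4728 events for the
    group are attached to the most recent alert so the added members can be
    reviewed. Names are compared case-insensitively, as AD does.
    """
    alerts = []
    deleted_at = {}  # group name -> timestamp of the last observed 4730
    for ev in sorted(events, key=lambda e: e["ts"]):
        name = ev["group"]
        if name.casefold() != admin_group.casefold():
            continue
        if ev["id"] == 4730:
            deleted_at[name] = ev["ts"]
        elif ev["id"] == 4727:
            severity = "high" if name in deleted_at else "medium"
            alerts.append({"severity": severity, "ts": ev["ts"], "actor": ev["actor"],
                           "group": name, "deleted_at": deleted_at.get(name),
                           "members_added": []})
        elif ev["id"] == 4728 and alerts:
            alerts[-1]["members_added"].append(ev["member"])
    return alerts


if __name__ == "__main__":
    for alert in detect_esx_admins_recreation(SAMPLE_EVENTS):
        print(json.dumps(alert))
```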
VMware released patches for security vulnerabilities affecting ESXi 8.0 and VMware Cloud Foundation 5.x. However, no patches are planned for the older versions, ESXi 7.0 and VMware Cloud Foundation 4.x. Users of the unsupported versions are recommended to upgrade to newer versions to receive security updates and support.
Microsoft reported that multiple financially motivated groups like Storm-0506, Storm-1175, and Octo Tempest have already exploited this vulnerability to deploy ransomware.
CISA orders federal agencies to fix this vulnerability by August 20, 2024.

