Advisory 66: CVE-2024-37085 – VMware ESXi Bypass Vulnerability
Release Date: 30th of July 2024
Impact: HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provide the following advisory.
What is it?
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management (https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html) by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
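The group re-creation described above leaves a trail in the domain controllers' Security log. The following is an added detection example, not code from CERTVU or VMware: it assumes the events have been exported as dictionaries using the Windows EventData field names, takes the group name from this advisory as a configurable default, and runs on constructed sample records.

```python
# Added example: the sample events are constructed, not real log data.
# Windows Security event IDs for security-enabled groups (global/local/universal).
CREATED = {4727, 4731, 4754}        # group created
DELETED = {4730, 4734, 4758}        # group deleted
MEMBER_ADDED = {4728, 4732, 4756}   # member added to group

def flag_group_events(events, watched_group="ESXi Admins"):
    """Return (severity, time, message) findings for the AD group ESXi trusts.

    Each event is a dict with: time (ISO 8601), event_id, TargetUserName
    (group name), SubjectUserName (actor) and, for additions, MemberName.
    """
    watched = watched_group.casefold()   # AD group names are case-insensitive
    deleted_at = None                    # time of the latest deletion seen
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev.get("TargetUserName", "").casefold() != watched:
            continue
        eid, actor = ev["event_id"], ev.get("SubjectUserName", "?")
        if eid in DELETED:
            deleted_at = ev["time"]
            findings.append(("info", ev["time"], f"group deleted by {actor}"))
        elif eid in CREATED:
            if deleted_at:
                msg = f"group re-created by {actor} after deletion at {deleted_at}"
            else:
                msg = f"group created by {actor} (no prior deletion in this log)"
            findings.append(("high", ev["time"], msg))
        elif eid in MEMBER_ADDED:
            member = ev.get("MemberName", "?")
            findings.append(("high", ev["time"], f"{member} added by {actor}"))
    return findings

SAMPLE = [  # constructed records, deliberately out of order
    {"time": "2024-07-30T09:12:44Z", "event_id": 4727,
     "TargetUserName": "esxi admins", "SubjectUserName": "jdoe"},
    {"time": "2024-07-12T02:01:10Z", "event_id": 4730,
     "TargetUserName": "ESXi Admins", "SubjectUserName": "adm-ops"},
    {"time": "2024-07-30T09:13:02Z", "event_id": 4728,
     "TargetUserName": "ESXi Admins", "SubjectUserName": "jdoe",
     "MemberName": "CN=jdoe,CN=Users,DC=example,DC=test"},
    {"time": "2024-07-30T09:20:00Z", "event_id": 4727,
     "TargetUserName": "Helpdesk", "SubjectUserName": "adm-ops"},
]

if __name__ == "__main__":
    for severity, when, message in flag_group_events(SAMPLE):
        print(severity, when, message)
```

Pass `watched_group` the group name actually configured on the ESXi hosts if it differs from the default named in this advisory.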
What are the systems affected?
The following VMware products are affected:
- VMware ESXi
- VMware vCenter Server
- VMware Cloud Foundation
What does this mean?
If the vulnerabilities are not addressed, a malicious threat actor with local administrator privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.
Mitigation process
CERTVU encourages users and administrators to review the references below and apply the necessary security updates to affected deployments, as listed for the specific VMware product in the “fixed version” column of the “Response Matrix” below.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-37085
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505
- https://support.broadcom.com/web/ecx/solutiondetails?patchId=5330