VMware ESXi/vCenter Auth Bypass & DoS Vulnerabilities Advisory (CVE-2024-37085/37086/37087)

Critical Vulnerability Information Vulnerability Overview Advisory ID: VMSSA-2024-0013.2 Advisory Severity: Moderate Affected CVEs: CVE-2024-37085, CVE-2024-37086, CVE-2024-37087 Affected Products VMware ESXi VMware vCenter Server VMware Cloud Foundation Vulnerability Details 1. VMware ESXi Active Directory Integration Authentication Bypass (CVE-2024-37085) - Description: An authentication bypass vulnerability exists, allowing malicious users to gain full access to ESXi hosts. - Severity: Moderate (6.8) - Resolution: Update to the specified version. 2. VMware ESXi out-of-bounds read vulnerability (CVE-2024-37086) - Description: An out-of-bounds read vulnerability exists, potentially leading to host denial of service. - Severity: Moderate (6.8) - Resolution: Update to the specified version. 3. VMware vCenter denial-of-service vulnerability (CVE-2024-37087) - Description: A denial-of-service vulnerability exists, potentially causing vCenter Server to stop functioning. - Severity: Moderate (5.3) - Resolution: Update to the specified version. Reference Information Fixed Versions and Release Notes: Provides links to updates and documentation for each product. Change Log: Records the history of changes to this advisory. Contact: Provides contact information and links to relevant policies.

Goal Reached Thanks to every supporter — we hit 100%!

VMware ESXi/vCenter Auth Bypass & DoS Vulnerabilities Advisory (CVE-2024-37085/37086/37087)