The CVE-2024-37085 vulnerability in VMware ESXi allows attackers who gain sufficient permissions to access a domain-joined ESXi host. The issue occurs if the Active Directory group 'ESX Admins' is re-created: the group is granted administrator privileges by default.
Broadcom released fixes for affected devices, but Microsoft revealed exploitation by ransomware groups like Storm-0506 and Octo Tempest. In-the-wild attacks were not mentioned in Broadcom's advisory.
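
A detection sketch for the condition described above, added here as an example and not taken from Broadcom's or Microsoft's material: it scans domain-controller Security events for creation of a group named 'ESX Admins' and for members added to it. The event IDs are the standard Windows group-management audit IDs; the sample records, account names and the one-hour correlation window are constructed assumptions.

```python
from datetime import datetime

WATCHED_GROUP = "esx admins"          # group name taken from the text above
GROUP_CREATED = {4727, 4731, 4754}    # security-enabled global/local/universal group created
MEMBER_ADDED = {4728, 4732, 4756}     # member added to global/local/universal group
FRESH_WINDOW_S = 3600                 # assumption: "just created" means within one hour

# Constructed sample records, shaped like exported Security-log events.
SAMPLE_EVENTS = [
    {"EventID": 4727, "TimeCreated": "2024-07-30T02:14:05", "SubjectUserName": "svc-backup",
     "TargetUserName": "Helpdesk Tier1"},
    {"EventID": 4727, "TimeCreated": "2024-07-30T02:15:40", "SubjectUserName": "svc-backup",
     "TargetUserName": "ESX Admins"},
    {"EventID": 4728, "TimeCreated": "2024-07-30T02:15:58", "SubjectUserName": "svc-backup",
     "TargetUserName": "esx admins", "MemberName": "CN=svc-backup,OU=Service,DC=example,DC=test"},
    {"EventID": 4728, "TimeCreated": "2024-07-30T09:00:00", "SubjectUserName": "alice",
     "TargetUserName": "VPN Users", "MemberName": "CN=bob,OU=Staff,DC=example,DC=test"},
]

def find_esx_admins_activity(events):
    """Return alerts for creation of, or member additions to, the watched group."""
    alerts = []
    created_at = None  # time the watched group was last seen being created
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        # For these event IDs the group name is carried in TargetUserName.
        if ev.get("TargetUserName", "").strip().lower() != WATCHED_GROUP:
            continue
        when = datetime.fromisoformat(ev["TimeCreated"])
        if ev["EventID"] in GROUP_CREATED:
            created_at = when
            alerts.append({"time": when, "actor": ev["SubjectUserName"],
                           "action": "group_created", "severity": "high"})
        elif ev["EventID"] in MEMBER_ADDED:
            # A member added shortly after the group was created matches the
            # condition described above; a lone membership change rates lower.
            fresh = (created_at is not None
                     and (when - created_at).total_seconds() <= FRESH_WINDOW_S)
            alerts.append({"time": when, "actor": ev["SubjectUserName"],
                           "action": "member_added", "member": ev.get("MemberName", ""),
                           "severity": "critical" if fresh else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_esx_admins_activity(SAMPLE_EVENTS):
        print(alert)
```
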