admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-30 18:21:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-370xx/CVE-2024-37085.json

43 lines
1.6 KiB
JSON
Raw Normal View History

Auto-Update: 2024-06-25T16:00:18.962894+00:00
2024-06-25 16:03:10 +00:00
{
"id": "CVE-2024-37085",
"sourceIdentifier": "security@vmware.com",
"published": "2024-06-25T15:15:12.377",
Auto-Update: 2024-06-25T20:00:18.450836+00:00
2024-06-25 20:03:11 +00:00
"lastModified": "2024-06-25T18:50:42.040",
"vulnStatus": "Awaiting Analysis",
Auto-Update: 2024-06-25T16:00:18.962894+00:00
2024-06-25 16:03:10 +00:00
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi contains an authentication bypass vulnerability.\u00a0A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@vmware.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505",
"source": "security@vmware.com"
}
]
}
Reference in New Issue Copy Permalink