Today, Broadcom issued a second update to VMSA-2024-003 for VMware ESXi, specifically to address the vulnerability CVE-2024-37085. This vulnerability, with a CVSSv3 base score of 6.8 out of 10 (Moderate), allowed an adversary with sufficient Active Directory permissions to gain full access to ESXi hosts. About the vulnerability For an adversary to abuse this … Continue reading "VMware addresses ‘ESX Admins’ authentication bypass vulnerability (CVE-2024-37085) in ESXi 8.0 Update 3"