🗓️ Sign up for the 2025 runZero Hour webcast series and never miss a new episode! Register Now

On This Page:

  1. Latest Broadcom ESXi vulnerabilities
  2. What is the impact?
  3. Are updates or workarounds available?
  4. How to find potentially vulnerable systems runZero

How to find VMware/Broadcom ESXi installs on your network

Blain Smith
|
Updated

Latest Broadcom ESXi vulnerabilities #

Broadcom has disclosed a vulnerability in their ESXi product that involves a domain group that could contain members that are granted full administrative access to the ESXi hypervisor host by default without proper validation.

CVE-2024-37085 is rated medium with CVSS score of 6.8 and allows an attacker with sufficient Active Directory (AD) permissions to bypass authentication.

What is the impact? #

A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. The three ways this can be exploited are:

1. Creating the AD group 'ESX Admins' to the domain and adding a user to it (known to be exploited in the wild)

2. Renaming another AD group in the domain to 'ESX Admins' and adding a new or existing user to it

3. Refreshing the privileges in the ESXi hypervisor when the 'ESX Admin' group is unassigned as the management group.

Are updates or workarounds available? #

Product

Version

Fixed Version

Workarounds

ESXi

8.0

ESXi80U3-24022510

KB369707

ESXi

7.0

No Patch Planned

KB369707

VMware Cloud Foundation

5.x

5.2

KB369707

VMware Cloud Foundation

4.x

No Patch Planned

KB369707

How to find potentially vulnerable systems runZero #

From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:

os:ESXi

Additionally, using the runZero VMware integration, use the following query to locate virtual machines running inside VMware, which could be potential sources of exploitation:

source:vmware or source:broadcom

Written by Blain Smith

Blain Smith is a Security Research Engineer at runZero. He spent most of his career in cloud and distributed systems for AAA gaming, entertainment, and networking working on some of the most popular games and systems millions of people play and watch daily. He has given numerous talks at conferences such as TEDx, GopherCon, and P99CONF. His shift into infosec has afforded him the ability to apply his distributed systems and networking knowledge to other industries such as IoT and OT.

More about Blain Smith
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

Explore more

Webcasts
The Unreasonable Effectiveness of Inside Out Attack Surface Management
HD Moore, founder of runZero (and previously Metasploit), presents new research that will forever redefine how you approach attack surface...
Watch Now
Webcasts
Safeguarding OT/ICS Assets: Insights from the U.S. Department of Energy
Security experts from the National Renewable Energy Lab’s (NREL) Clean Energy Cybersecurity Accelerator™ (CECA) program join runZero to discuss...
Watch Now
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Read More
Talks
DEF CON 32: SSHamble: Unexpected Exposures in SSH (Video)
This talk digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them.
Watch Now

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

Try It Free
icon-bluesky
© Copyright 2025 runZero, Inc. All Rights Reserved