Full Report
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-37079 (CVSS score: 9.8), which refers to a heap overflow in the
Analysis Summary
# Vulnerability: Critical Heap Overflow in VMware vCenter Server Leading to RCE
## CVE Details
- CVE ID: CVE-2024-37079
- CVSS Score: 9.8 (Critical)
- CWE: Heap Overflow (Inferred from description)
## Affected Systems
- Products: Broadcom VMware vCenter Server
- Versions: Not explicitly listed in the provided text; versions that predate the **June 2024** patches are vulnerable.
- Configurations: Systems utilizing the DCE/RPC protocol implementation.
## Vulnerability Description
This vulnerability is a heap overflow in the implementation of the DCE/RPC protocol within VMware vCenter Server. A remote, unauthenticated attacker can exploit it by sending a specially crafted network packet to the vCenter Server, potentially leading to Remote Code Execution (RCE). It is one of a set of four vulnerabilities discovered in the DCE/RPC service, comprising three heap overflows and one privilege escalation.
## Exploitation
- Status: **Exploited in the wild** (Confirmed by Broadcom and CISA inclusion in KEV catalog)
- Complexity: Low (implied by the network attack vector leading to RCE; specific exploitation details are absent)
- Attack Vector: **Network** (Requires network access to the vCenter Server)
## Impact
- Confidentiality: High (Likely, given potential for RCE)
- Integrity: High (Likely, given potential for RCE)
- Availability: High (Likely, given potential for RCE)
## Remediation
### Patches
- Patched by Broadcom in **June 2024**. Users should update to versions incorporating these June 2024 security fixes. (Specific fixed versions are not detailed in this summary).
### Workarounds
- No specific workarounds were provided in the source text. The primary strategy is immediate patching.
## Detection
- CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, meaning active exploitation is confirmed.
- Detection efforts should focus on network traffic directed towards VMware vCenter Server, specifically looking for anomalous packets destined for the DCE/RPC service interface.
## References
- CISA KEV Catalog (CISA added this vulnerability on Jan 23, 2026)
- Broadcom Security Advisory (Updated to confirm in-the-wild abuse)
- Related Vulnerabilities: CVE-2024-37080 (Heap Overflow), CVE-2024-38812, CVE-2024-38813 (Patched September 2024)
- Discovery Credit: QiAnXin LegendSec researchers Hao Zheng and Zibo Li (Presented at Black Hat Asia in April 2025)