CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

Posted on By CWS

Ravie LakshmananJan 24, 2026Vulnerability / Enterprise Safety
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Friday added a important safety flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Recognized Exploited Vulnerabilities (KEV) catalog, citing proof of energetic exploitation within the wild.
The vulnerability in query is CVE-2024-37079 (CVSS rating: 9.8), which refers to a heap overflow within the implementation of the DCE/RPC protocol that might permit a nasty actor with community entry to vCenter Server to realize distant code execution by sending a specifically crafted community packet.
It was resolved by Broadcom in June 2024, together with CVE-2024-37080, one other heap overflow within the implementation of the DCE/RPC protocol that might result in distant code execution. Chinese language cybersecurity firm QiAnXin LegendSec researchers Hao Zheng and Zibo Li had been credited with discovering and reporting the problems.

In a presentation on the Black Hat Asia safety convention in April 2025, the researchers stated the 2 flaws are a part of a set of 4 vulnerabilities – three heap overflows and one privilege escalation – that had been found within the DCE/RPC service. The 2 different flaws, CVE-2024-38812 and CVE-2024-38813, had been patched by Broadcom in September 2024.
Specifically, they discovered that one of many heap overflow vulnerabilities might be chained with the privilege escalation vulnerability (CVE-2024-38813) to realize unauthorized distant root entry and in the end achieve management over ESXi.
It is at present not identified how CVE-2024-37079 is being exploited, if it is the work of any identified menace actor or group, or the size of such assaults. Nonetheless, Broadcom has since up to date its advisory to formally verify in-the-wild abuse of the vulnerability.
“Broadcom has info to recommend that exploitation of CVE-2024-37079 has occurred within the wild,” the corporate stated in its replace.
In mild of energetic exploitation, Federal Civilian Government Department (FCEB) companies are required to replace to the most recent model by February 13, 2026, for optimum safety.

The Hacker News Tags:, , , , , , , , ,

Related Posts

Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack The Hacker News
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass The Hacker News
Hacktivist Surge: 149 DDoS Attacks Across 16 Nations Hacktivist Surge: 149 DDoS Attacks Across 16 Nations The Hacker News
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems The Hacker News
CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users The Hacker News
Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands The Hacker News