A critical security flaw in VMware vCenter Server has just been added to the US CISA's Known Exploited Vulnerabilities catalog, marking a significant development in the ongoing battle against cyber threats. But here's the catch: this vulnerability, CVE-2024-37079, has already been actively exploited in the wild, and the details are chilling.
The vulnerability, with a CVSS score of 9.8, involves a heap overflow in the DCE/RPC protocol implementation. This flaw allows attackers with network access to the vCenter Server to execute malicious code remotely by sending a specially designed network packet. It's a serious issue, as remote code execution can lead to complete system compromise.
What's more controversial is that this vulnerability was actually patched by Broadcom back in June 2024, along with another heap overflow flaw (CVE-2024-37080) in the same protocol. Researchers from QiAnXin LegendSec, a Chinese cybersecurity firm, are credited with discovering and reporting these issues. But here's where it gets intriguing: these flaws are just the tip of the iceberg.
At the Black Hat Asia conference in April 2025, the researchers revealed that CVE-2024-37079 is part of a set of four vulnerabilities found in the DCE/RPC service. The other two, CVE-2024-38812 and CVE-2024-38813, were also patched by Broadcom in September 2024. And this is the part most people miss: one of these heap overflow vulnerabilities can be combined with a privilege escalation vulnerability (CVE-2024-38813) to gain unauthorized remote root access and control over ESXi.
While we don't yet know the full extent of the exploitation of CVE-2024-37079, Broadcom has confirmed its abuse in the wild. This means that threat actors have been actively exploiting this vulnerability, potentially compromising numerous systems.
In response, Federal Civilian Executive Branch agencies are mandated to update to the latest version by February 13, 2026, to ensure maximum protection. This move underscores the severity of the issue and the need for prompt action.
The question remains: how can we stay ahead of these evolving threats? As cybersecurity professionals, we must remain vigilant, continuously updating our defenses and sharing knowledge to protect our digital infrastructure. What are your thoughts on this ongoing challenge?
