CVE-2024-37079 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-06-18

Added to CISA KEV: 2026-01-23 584 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Apply VMware patches immediately: Update to vCenter Server 8.0 U2d, 8.0 U1e, or 7.0 U3r as appropriate
Implement network segmentation to limit vCenter Server exposure and monitor DCERPC traffic for anomalies
EMERGENCY patch priority - treat as critical infrastructure vulnerability with confirmed active exploitation

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-37079 is a critical heap-overflow vulnerability affecting VMware vCenter Server, specifically within its implementation of the DCERPC (Distributed Computing Environment/Remote Procedure Call) protocol ^[1] ^[3].

Key Details

Active Exploitation: Broadcom has confirmed that exploitation of this vulnerability has occurred in the wild ^[1]. It is included in the CISA Known Exploited Vulnerabilities (KEV) catalog ^[2].
Attack Method & Requirements: The vulnerability is network-reachable and can be triggered by a malicious actor sending a specially crafted network packet to the vCenter Server ^[3] ^[4]. It does not require local access or user interaction to exploit.
Impact: Successful exploitation can lead to remote code execution (RCE) on the affected vCenter Server, granting the attacker significant control over the environment ^[3] ^[4].
Severity: It is classified as a critical vulnerability with a maximum CVSSv3 base score of 9.8 ^[4].

Mitigation and Patch Status

Patching: The primary and only recommended remediation is to apply the security updates provided by VMware/Broadcom. In-product workarounds were investigated but determined to be non-viable ^[1].
Affected Versions: Administrators should consult the official [VMware Security Advisory (VMSA-2024-0012)](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453) to identify the specific affected versions and the corresponding fixed versions for their deployment.

While specific details regarding its use in named ransomware campaigns are often sensitive or evolving, its inclusion in the CISA KEV catalog and confirmation of exploitation in the wild indicate that it is a high-priority target for threat actors, including those involved in sophisticated or large-scale attacks ^[2].

Sources