CISA Adds Critical VMware vCenter RCE Flaw to Exploited Catalog

VMware vCenter vulnerability CVE-2024-37079 CISA directive actively exploited vulnerability cybersecurity vCenter Server security zero trust security
Divyansh Ingle
Divyansh Ingle

Head of Engineering

 
January 28, 2026 2 min read

TL;DR

This article details CVE-2024-37079, a critical VMware vCenter Server vulnerability that is actively exploited. The flaw, a heap overflow in the DCERPC protocol, allows for remote code execution without privileges. CISA has mandated federal agencies to patch their systems, emphasizing the urgent need for organizations to secure their virtualization environments by applying Broadcom's security patches.

Critical VMware vCenter Server Flaw Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered federal agencies to secure their servers. This vulnerability, identified as CVE-2024-37079, stems from a heap overflow weakness in the DCERPC protocol implementation.

Technical Details of CVE-2024-37079

CVE-2024-37079 is a heap overflow vulnerability found in the DCERPC protocol implementation within VMware vCenter Server. A threat actor with network access can exploit this flaw by sending a specially crafted network packet. Successful exploitation leads to remote code execution without requiring privileges or user interaction. Broadcom, the parent company of VMware, advised customers to apply the necessary security patches immediately.

CISA's Directive and Broadcom's Confirmation

CISA added the vulnerability to its catalog of flaws exploited in the wild and has given Federal Civilian Executive Branch (FCEB) agencies until February 13th to secure their systems, as mandated by Binding Operational Directive (BOD) 22-01. Broadcom has updated its original advisory to confirm active exploitation of CVE-2024-37079.

Discovery and Related Vulnerabilities

Researchers Hao Zheng and Zibo Li from QiAnXin LegendSec are credited with discovering and reporting CVE-2024-37079. They presented their findings at the Black Hat Asia security conference, detailing how this vulnerability, along with CVE-2024-37080, CVE-2024-38812 and CVE-2024-38813, could be chained to achieve unauthorized remote root access.

Threat Landscape and Exploitation

While the specific details of how CVE-2024-37079 is being exploited remain unclear, virtualization infrastructure, including VMware vCenter Server, remains a prime target for malicious actors. Caitlin Condon, VP of security research at VulnCheck, noted that older public vulnerability information is often leveraged in new attacks. Organizations should ensure that vCenter Servers are not exposed to the public internet to mitigate potential threats. Gopher Security’s AI-powered, post-quantum Zero‑Trust cybersecurity architecture provides robust protection against such vulnerabilities by converging networking and security across all environments, utilizing peer-to-peer encrypted tunnels and quantum-resistant cryptography.

Gopher Security: Protecting Against Advanced Threats

Gopher Security specializes in AI-powered, post-quantum Zero‑Trust cybersecurity architecture. Our platform converges networking and security across devices, apps, and environments—from endpoints and private networks to cloud, remote access, and containers—using peer-to-peer encrypted tunnels and quantum-resistant cryptography. Like https://gopher.security, we offer comprehensive cybersecurity solutions tailored to protect against actively exploited vulnerabilities such as CVE-2024-37079.

Ensure your systems are protected against advanced threats. Visit Gopher Security to explore our services or contact us for a consultation.

Divyansh Ingle
Divyansh Ingle

Head of Engineering

 

AI and cybersecurity expert with 15-year large scale system engineering experience. Great hands-on engineering director.

Related News

Instagram Vulnerability Exposes Private Data of Millions
Instagram security

Instagram Vulnerability Exposes Private Data of Millions

Instagram's private posts exposed, millions affected by data breaches, and new location features pose risks. Discover how Gopher Security's AI-powered Zero-Trust architecture protects your data. Learn more!

By Brandon Woo January 27, 2026 4 min read
common.read_full_article
Closing the Cloud Complexity Gap: Insights from 2026 Security Reports
cloud security

Closing the Cloud Complexity Gap: Insights from 2026 Security Reports

Navigate the escalating complexity of cloud security. Discover how AI, Zero-Trust, and unified ecosystems are essential to combatting modern threats. Learn more!

By Divyansh Ingle January 26, 2026 6 min read
common.read_full_article
AI-Driven Cybersecurity Innovations: The Future of Threat Prevention
AI agents security

AI-Driven Cybersecurity Innovations: The Future of Threat Prevention

AI agents are prime targets for cyberattacks. Discover evolving threats like prompt injection & AI-powered exploits, and learn how to fortify your defenses. Read now!

By Brandon Woo January 22, 2026 5 min read
common.read_full_article
GootLoader Malware Evades Detection Using Nested ZIP Archives
GootLoader

GootLoader Malware Evades Detection Using Nested ZIP Archives

GootLoader is back with advanced tricks, using malformed ZIPs to bypass security & target businesses. Learn how to detect and defend against this threat. Protect your assets!

By Edward Zhou January 21, 2026 3 min read
common.read_full_article