CISA Adds Critical VMware vCenter RCE Flaw to Exploited Catalog

VMware vCenter vulnerability CVE-2024-37079 CISA directive actively exploited vulnerability cybersecurity vCenter Server security zero trust security
Divyansh Ingle
Divyansh Ingle

Head of Engineering

 
January 27, 2026 2 min read
CISA Adds Critical VMware vCenter RCE Flaw to Exploited Catalog

TL;DR

  • This article details CVE-2024-37079, a critical VMware vCenter Server vulnerability that is actively exploited. The flaw, a heap overflow in the DCERPC protocol, allows for remote code execution without privileges. CISA has mandated federal agencies to patch their systems, emphasizing the urgent need for organizations to secure their virtualization environments by applying Broadcom's security patches.

Critical VMware vCenter Server Flaw Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered federal agencies to secure their servers. This vulnerability, identified as CVE-2024-37079, stems from a heap overflow weakness in the DCERPC protocol implementation.

Technical Details of CVE-2024-37079

CVE-2024-37079 is a heap overflow vulnerability found in the DCERPC protocol implementation within VMware vCenter Server. A threat actor with network access can exploit this flaw by sending a specially crafted network packet. Successful exploitation leads to remote code execution without requiring privileges or user interaction. Broadcom, the parent company of VMware, advised customers to apply the necessary security patches immediately.

CISA's Directive and Broadcom's Confirmation

CISA added the vulnerability to its catalog of flaws exploited in the wild and has given Federal Civilian Executive Branch (FCEB) agencies until February 13th to secure their systems, as mandated by Binding Operational Directive (BOD) 22-01. Broadcom has updated its original advisory to confirm active exploitation of CVE-2024-37079.

Discovery and Related Vulnerabilities

Researchers Hao Zheng and Zibo Li from QiAnXin LegendSec are credited with discovering and reporting CVE-2024-37079. They presented their findings at the Black Hat Asia security conference, detailing how this vulnerability, along with CVE-2024-37080, CVE-2024-38812 and CVE-2024-38813, could be chained to achieve unauthorized remote root access.

Threat Landscape and Exploitation

While the specific details of how CVE-2024-37079 is being exploited remain unclear, virtualization infrastructure, including VMware vCenter Server, remains a prime target for malicious actors. Caitlin Condon, VP of security research at VulnCheck, noted that older public vulnerability information is often leveraged in new attacks. Organizations should ensure that vCenter Servers are not exposed to the public internet to mitigate potential threats. Gopher Security’s AI-powered, post-quantum Zero‑Trust cybersecurity architecture provides robust protection against such vulnerabilities by converging networking and security across all environments, utilizing peer-to-peer encrypted tunnels and quantum-resistant cryptography.

Gopher Security: Protecting Against Advanced Threats

Gopher Security specializes in AI-powered, post-quantum Zero‑Trust cybersecurity architecture. Our platform converges networking and security across devices, apps, and environments—from endpoints and private networks to cloud, remote access, and containers—using peer-to-peer encrypted tunnels and quantum-resistant cryptography. Like https://gopher.security, we offer comprehensive cybersecurity solutions tailored to protect against actively exploited vulnerabilities such as CVE-2024-37079.

Ensure your systems are protected against advanced threats. Visit Gopher Security to explore our services or contact us for a consultation.

Divyansh Ingle
Divyansh Ingle

Head of Engineering

 

AI and cybersecurity expert with 15-year large scale system engineering experience. Great hands-on engineering director.

Related News

CVE-2025-15467: Critical OpenSSL RCE and DoS Vulnerability Overview
OpenSSL vulnerability

CVE-2025-15467: Critical OpenSSL RCE and DoS Vulnerability Overview

Urgent: OpenSSL 3.x vulnerable to CVE-2025-15467, enabling pre-auth RCE. Learn affected versions, impact, and immediate mitigation steps. Protect your systems now!

By Divyansh Ingle March 10, 2026 4 min read
common.read_full_article
SolarWinds Patches Critical Web Help Desk RCE Vulnerabilities Now
SolarWinds Web Help Desk

SolarWinds Patches Critical Web Help Desk RCE Vulnerabilities Now

Critical RCE & Auth Bypass flaws in SolarWinds Web Help Desk are fixed! Don't risk it. Update to v2026.1 now to protect your systems. Learn more.

By Edward Zhou March 9, 2026 4 min read
common.read_full_article
AI vs Human Hackers: Who Prevails in 2026 Pen Testing?
AI hacking

AI vs Human Hackers: Who Prevails in 2026 Pen Testing?

Discover the results of a groundbreaking study comparing AI agents and human hackers in web vulnerability exploitation. See who prevails and what it means for your security. Read now!

By Jim Gagnard March 6, 2026 6 min read
common.read_full_article
Vulnerability Exploits Lead Cyber Intrusions in 2026 Trends
vulnerability exploits

Vulnerability Exploits Lead Cyber Intrusions in 2026 Trends

Exploits are now the top intrusion method, outpacing phishing. Discover why rapid vulnerability patching is critical and how to bolster your defenses. Read more!

By Edward Zhou March 4, 2026 4 min read
common.read_full_article