CISA Adds Critical VMware vCenter RCE Flaw to Exploited Catalog

VMware vCenter vulnerability CVE-2024-37079 CISA directive actively exploited vulnerability cybersecurity vCenter Server security zero trust security
Divyansh Ingle
Divyansh Ingle

Head of Engineering

 
January 27, 2026
2 min read
CISA Adds Critical VMware vCenter RCE Flaw to Exploited Catalog

TL;DR

  • This article details CVE-2024-37079, a critical VMware vCenter Server vulnerability that is actively exploited. The flaw, a heap overflow in the DCERPC protocol, allows for remote code execution without privileges. CISA has mandated federal agencies to patch their systems, emphasizing the urgent need for organizations to secure their virtualization environments by applying Broadcom's security patches.

Critical VMware vCenter Server Flaw Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered federal agencies to secure their servers. This vulnerability, identified as CVE-2024-37079, stems from a heap overflow weakness in the DCERPC protocol implementation.

Technical Details of CVE-2024-37079

CVE-2024-37079 is a heap overflow vulnerability found in the DCERPC protocol implementation within VMware vCenter Server. A threat actor with network access can exploit this flaw by sending a specially crafted network packet. Successful exploitation leads to remote code execution without requiring privileges or user interaction. Broadcom, the parent company of VMware, advised customers to apply the necessary security patches immediately.

CISA's Directive and Broadcom's Confirmation

CISA added the vulnerability to its catalog of flaws exploited in the wild and has given Federal Civilian Executive Branch (FCEB) agencies until February 13th to secure their systems, as mandated by Binding Operational Directive (BOD) 22-01. Broadcom has updated its original advisory to confirm active exploitation of CVE-2024-37079.

Discovery and Related Vulnerabilities

Researchers Hao Zheng and Zibo Li from QiAnXin LegendSec are credited with discovering and reporting CVE-2024-37079. They presented their findings at the Black Hat Asia security conference, detailing how this vulnerability, along with CVE-2024-37080, CVE-2024-38812 and CVE-2024-38813, could be chained to achieve unauthorized remote root access.

Threat Landscape and Exploitation

While the specific details of how CVE-2024-37079 is being exploited remain unclear, virtualization infrastructure, including VMware vCenter Server, remains a prime target for malicious actors. Caitlin Condon, VP of security research at VulnCheck, noted that older public vulnerability information is often leveraged in new attacks. Organizations should ensure that vCenter Servers are not exposed to the public internet to mitigate potential threats. Gopher Security’s AI-powered, post-quantum Zero‑Trust cybersecurity architecture provides robust protection against such vulnerabilities by converging networking and security across all environments, utilizing peer-to-peer encrypted tunnels and quantum-resistant cryptography.

Gopher Security: Protecting Against Advanced Threats

Gopher Security specializes in AI-powered, post-quantum Zero‑Trust cybersecurity architecture. Our platform converges networking and security across devices, apps, and environments—from endpoints and private networks to cloud, remote access, and containers—using peer-to-peer encrypted tunnels and quantum-resistant cryptography. Like https://gopher.security, we offer comprehensive cybersecurity solutions tailored to protect against actively exploited vulnerabilities such as CVE-2024-37079.

Ensure your systems are protected against advanced threats. Visit Gopher Security to explore our services or contact us for a consultation.

Divyansh Ingle
Divyansh Ingle

Head of Engineering

 

AI and cybersecurity expert with 15-year large scale system engineering experience. Great hands-on engineering director.

Related News

2026 Cybersecurity Trends: Dominance of Vulnerability Exploits
vulnerability exploits

2026 Cybersecurity Trends: Dominance of Vulnerability Exploits

Vulnerability exploits now account for 40% of cyber intrusions, surpassing phishing. Learn how shrinking patch windows and edge device targets are changing security.

By Brandon Woo April 6, 2026 3 min read
common.read_full_article
Surge in Vulnerability Exploits: Cyber Intrusions Trends 2026
cybersecurity trends 2026

Surge in Vulnerability Exploits: Cyber Intrusions Trends 2026

Vulnerability exploits now drive 40% of cyberattacks as hackers weaponize flaws within hours. Learn why traditional patching is failing and how to adapt. Read more.

By Divyansh Ingle March 30, 2026 3 min read
common.read_full_article
Surge in Vulnerability Exploits Dominates 2026 Cyber Intrusions
Vulnerability Exploitation

Surge in Vulnerability Exploits Dominates 2026 Cyber Intrusions

Hackers are weaponizing zero-days within hours of disclosure, leaving traditional patch cycles in the dust. Learn how to bridge the security gap with MFA and Zero-Trust.

By Alan V Gutnov March 23, 2026 4 min read
common.read_full_article
Vulnerability Exploits Dominate Cyber Intrusions in 2026 Trends
vulnerability exploits

Vulnerability Exploits Dominate Cyber Intrusions in 2026 Trends

Exploits are the leading cause of cyber intrusions, outpacing phishing. Discover the latest trends and essential strategies to protect your organization. Read now!

By Brandon Woo March 16, 2026 3 min read
common.read_full_article