Overview
- CISA added CVE-2024-37079 to its Known Exploited Vulnerabilities catalog and directed FCEB agencies to apply fixes by February 13, 2026.
- CVE-2024-37079 carries a 9.8 CVSS score and allows remote code execution via crafted packets sent to vCenter Server by an attacker with network access.
- Broadcom patched CVE-2024-37079 alongside CVE-2024-37080 in June 2024, and it later fixed related flaws CVE-2024-38812 and CVE-2024-38813 in September 2024.
- Researchers from QiAnXin LegendSec detailed how these DCE/RPC bugs can be chained, noting one heap overflow combined with CVE-2024-38813 can grant remote root access and control of ESXi.
- Authorities and the vendor have not disclosed scope, attribution, or methods of the current exploitation, and experts urge organizations to patch promptly and avoid exposing vCenter to the public internet.