Home

Description

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

PUBLISHED Reserved 2024-06-03 | Published 2024-06-18 | Updated 2026-01-23 | Assigner vmware




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Date added 2026-01-23 | Due date 2026-02-13

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

Heap-overflow vulnerability

Product status

Default status
unaffected

8.0 (custom) before 8.0 U2d
affected

8.0 (custom) before 8.0 U1e
affected

7.0 (custom) before 7.0 U3r
affected

Default status
unaffected

5.x
affected

4.x
affected

References

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2024-37079 government-resource

support.broadcom.com/...l/content/SecurityAdvisories/0/24453

support.broadcom.com/...l/content/SecurityAdvisories/0/24453

cve.org (CVE-2024-37079)

nvd.nist.gov (CVE-2024-37079)

Download JSON