Key Takeaways
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog.
- The vulnerability, CVE-2024-37079, has a CVSS score of 9.8 and is a heap overflow in the DCE/RPC implementation that could allow an attacker with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
- The flaw was patched by Broadcom in June 2024, but evidence suggests it is being actively exploited in the wild.
- Federal Civilian Executive Branch (FCEB) agencies are required under Binding Operational Directive 22-01 to apply the fix by February 13, 2026.
- The vulnerability is part of a set of four vulnerabilities discovered in the DCE/RPC service, including three heap overflows and one privilege escalation.
Introduction to the Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw affecting Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2024-37079, carries a CVSS score of 9.8. It is a heap overflow in vCenter Server's implementation of the DCE/RPC protocol: an attacker with network access to vCenter Server can trigger it by sending a specially crafted network packet and achieve remote code execution, with no credentials or user interaction required. Because vCenter manages the ESXi hosts and virtual machines in an environment, code execution on it gives an attacker a foothold over the whole virtualization estate.
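The root cause of CVE-2024-37079 has not been published, so the following is an added illustration of the bug class described above rather than vCenter's code: a minimal parser for a DCE/RPC connection-oriented PDU header that trusts the packet's own length fields (the unchecked variant) next to the same parser with the checks that prevent a crafted fragment from driving a heap overflow. The header layout follows the standard 16-byte DCE 1.1 RPC header; the packets, the little-endian-only assumption, and the function names are constructed for this example.

```c
/* Added illustration (not vCenter's implementation): length-field validation in a
 * DCE/RPC connection-oriented PDU parser. Header layout (DCE 1.1 RPC, 16 bytes):
 *   0 rpc_vers(1)  1 rpc_vers_minor(1)  2 ptype(1)  3 pfc_flags(1)
 *   4 drep(4)      8 frag_length(2)    10 auth_length(2)   12 call_id(4)
 * Assumption: only little-endian data representation (drep[0] & 0x10) is handled. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN          16u
#define SEC_TRAILER_LEN  8u   /* fixed sec_trailer that precedes auth_length bytes of auth data */
#define PTYPE_REQUEST    0u

typedef struct {
    uint8_t  ptype;
    uint32_t call_id;
    size_t   stub_len;
    uint8_t *stub;            /* heap copy of the stub data; caller frees */
} pdu_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* VULNERABLE pattern: the stub size is computed from attacker-controlled
 * frag_length/auth_length and never compared with the bytes actually received
 * (len) or with each other. A frag_length larger than the packet makes memcpy()
 * read far past buf; a frag_length smaller than header+trailer wraps the
 * subtraction, so malloc() gets a nonsensical size and the copy runs past the
 * heap buffer. Kept only to show the defect; never call it on untrusted data. */
int parse_pdu_unchecked(const uint8_t *buf, size_t len, pdu_t *out) {
    (void)len;                                    /* the bug: received length is ignored */
    uint16_t frag_length = rd16(buf + 8);
    uint16_t auth_length = rd16(buf + 10);
    size_t body = frag_length - HDR_LEN;          /* may wrap */
    size_t auth = auth_length ? SEC_TRAILER_LEN + auth_length : 0;
    out->stub_len = body - auth;                  /* may wrap again */
    out->stub = malloc(out->stub_len);
    memcpy(out->stub, buf + HDR_LEN, out->stub_len);
    out->ptype = buf[2];
    out->call_id = rd32(buf + 12);
    return 0;
}

/* Hardened parser: every length is validated against the data on hand before
 * any allocation or copy. Returns 0 on success, a negative reject code otherwise. */
int parse_pdu(const uint8_t *buf, size_t len, pdu_t *out) {
    if (!buf || !out || len < HDR_LEN) return -1;     /* short read: no full header */
    if (buf[0] != 5 || buf[1] != 0) return -2;         /* rpc_vers must be 5.0 */
    if ((buf[4] & 0x10) == 0) return -3;               /* big-endian drep not supported here */
    uint16_t frag_length = rd16(buf + 8);
    uint16_t auth_length = rd16(buf + 10);
    if (frag_length < HDR_LEN) return -4;              /* shorter than its own header */
    if (frag_length > len) return -5;                  /* claims more bytes than were received */
    size_t body = (size_t)frag_length - HDR_LEN;
    size_t auth = auth_length ? SEC_TRAILER_LEN + auth_length : 0;
    if (auth > body) return -6;                        /* auth trailer would exceed the fragment */
    out->ptype = buf[2];
    out->call_id = rd32(buf + 12);
    out->stub_len = body - auth;                       /* cannot wrap: auth <= body */
    out->stub = malloc(out->stub_len ? out->stub_len : 1);
    if (!out->stub) return -7;
    memcpy(out->stub, buf + HDR_LEN, out->stub_len);
    return 0;
}

/* Constructed sample: well-formed 24-byte request, 8-byte stub, no auth trailer. */
static const uint8_t BENIGN[] = {
    5, 0, PTYPE_REQUEST, 0x03,  0x10, 0, 0, 0,  24, 0,  0, 0,  0x2a, 0, 0, 0,
    'h', 'e', 'l', 'l', 'o', ' ', 'r', 'p'
};
/* Constructed sample: same packet, but frag_length claims 0x7fff bytes. */
static const uint8_t OVERSIZED[] = {
    5, 0, PTYPE_REQUEST, 0x03,  0x10, 0, 0, 0,  0xff, 0x7f,  0, 0,  0x2a, 0, 0, 0,
    'h', 'e', 'l', 'l', 'o', ' ', 'r', 'p'
};
/* Constructed sample: frag_length 20 is smaller than header (16) + trailer (8) + auth (4). */
static const uint8_t AUTH_UNDERFLOW[] = {
    5, 0, PTYPE_REQUEST, 0x03,  0x10, 0, 0, 0,  20, 0,  4, 0,  0x2a, 0, 0, 0,
    1, 2, 3, 4
};

/* Hardened parser's verdict for a packet: 0 accepted, negative rejected. */
int verdict(const uint8_t *pkt, size_t len) {
    pdu_t p = {0};
    int rc = parse_pdu(pkt, len, &p);
    free(p.stub);
    return rc;
}

/* Stub length the hardened parser extracts from the benign sample. */
size_t benign_stub_len(void) {
    pdu_t p = {0};
    size_t n = parse_pdu(BENIGN, sizeof BENIGN, &p) == 0 ? p.stub_len : 0;
    free(p.stub);
    return n;
}
```

The two parsers differ only in the four comparisons before the allocation; that is the whole distance between a crash-free service and a network-reachable heap overflow, which is why fuzzing and bounds review of length-prefixed protocol handlers remain the first place to look in code that faces the network unauthenticated.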
Discovery and Patching of the Vulnerability
The vulnerability was discovered by QiAnXin LegendSec researchers Hao Zheng and Zibo Li, who reported it to Broadcom. Broadcom patched it in June 2024 together with a second heap overflow in the same DCE/RPC implementation, CVE-2024-37080; both could lead to remote code execution and both were rated critical. The researchers also discovered two further flaws, CVE-2024-38812 and CVE-2024-38813, which Broadcom patched in September 2024. Together these make up a set of four vulnerabilities in the DCE/RPC service: three heap overflows and one privilege escalation.
Exploitation of the Vulnerability
CISA's KEV listing indicates that the vulnerability is being exploited in the wild, but no details of the activity are available: it is not known who is behind it or how widespread it is. Broadcom has since updated its advisory to confirm in-the-wild abuse, stating that it has information to suggest that exploitation of CVE-2024-37079 has occurred. Given that a fix has been available since June 2024, this is a reminder that unpatched vCenter instances exposed on the network remain worthwhile targets long after an advisory is published.
Consequences and Required Actions
In light of the active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required under Binding Operational Directive 22-01 to apply the fix by February 13, 2026. Organizations outside the federal government should treat the same date as a sensible outer bound: confirm that every vCenter Server instance runs a build that includes the June 2024 fix, keep the vCenter management interface off untrusted networks, and review the systems for signs of prior compromise, since a patch applied after exploitation does not evict an attacker who is already present.
Conclusion and Recommendations
In conclusion, CVE-2024-37079 in Broadcom VMware vCenter Server is a critical, network-reachable flaw that is being exploited in the wild, and CISA's addition of it to the Known Exploited Vulnerabilities catalog underlines the need for prompt action. Organizations should update affected vCenter Server instances, verify that the fix is actually in place, and monitor for any signs of exploitation, and they should keep tracking the related DCE/RPC fixes so that none of the four vulnerabilities in this set is left unaddressed.

