CVE-2024-37079

Published: Jun 18, 2024Modified: Jan 26, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Affected (44)

Products: Vmware: Cloud Foundation, Vcenter Server

Vmware

2 products

Cloud Foundation

Vcenter Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vmware Cloud Foundation	From 4.0 to 5.2

Configuration B

13 vulnerable

Vulnerable Software	Affected Versions
Vmware Vcenter Server	Version 8.0
Vmware Vcenter Server	Version 8.0 a
Vmware Vcenter Server	Version 8.0 b
Vmware Vcenter Server	Version 8.0 c
Vmware Vcenter Server	Version 8.0 update1
Vmware Vcenter Server	Version 8.0 update1a
Vmware Vcenter Server	Version 8.0 update1b
Vmware Vcenter Server	Version 8.0 update1c
Vmware Vcenter Server	Version 8.0 update1d
Vmware Vcenter Server	Version 8.0 update2
Vmware Vcenter Server	Version 8.0 update2a
Vmware Vcenter Server	Version 8.0 update2b
Vmware Vcenter Server	Version 8.0 update2c

Configuration C

30 vulnerable

Vulnerable Software	Affected Versions
Vmware Vcenter Server	Version 7.0
Vmware Vcenter Server	Version 7.0 a
Vmware Vcenter Server	Version 7.0 b
Vmware Vcenter Server	Version 7.0 c
Vmware Vcenter Server	Version 7.0 d
Vmware Vcenter Server	Version 7.0 update1
Vmware Vcenter Server	Version 7.0 update1a
Vmware Vcenter Server	Version 7.0 update1c
Vmware Vcenter Server	Version 7.0 update1d
Vmware Vcenter Server	Version 7.0 update2
Vmware Vcenter Server	Version 7.0 update2a
Vmware Vcenter Server	Version 7.0 update2b
Vmware Vcenter Server	Version 7.0 update2c
Vmware Vcenter Server	Version 7.0 update2d
Vmware Vcenter Server	Version 7.0 update3
Vmware Vcenter Server	Version 7.0 update3a
Vmware Vcenter Server	Version 7.0 update3c
Vmware Vcenter Server	Version 7.0 update3d
Vmware Vcenter Server	Version 7.0 update3e
Vmware Vcenter Server	Version 7.0 update3f
Vmware Vcenter Server	Version 7.0 update3g
Vmware Vcenter Server	Version 7.0 update3h
Vmware Vcenter Server	Version 7.0 update3i
Vmware Vcenter Server	Version 7.0 update3j
Vmware Vcenter Server	Version 7.0 update3k
Vmware Vcenter Server	Version 7.0 update3l
Vmware Vcenter Server	Version 7.0 update3m
Vmware Vcenter Server	Version 7.0 update3n
Vmware Vcenter Server	Version 7.0 update3o
Vmware Vcenter Server	Version 7.0 update3p

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (3)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

Source: security@vmware.com

PatchVendor Advisory

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-37079

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.