
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog


These articles are AI-generated summaries. Please check the original sources for full details.


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-37079, a critical heap overflow in VMware vCenter Server, to its Known Exploited Vulnerabilities (KEV) catalog on January 24, 2026. This addition comes after Broadcom confirmed active, in-the-wild exploitation of the flaw, originally patched in June 2024.

Why This Matters

Ideal security models assume timely patching, but real-world deployments often lag due to complexity and resource constraints. Unpatched critical vulnerabilities like CVE-2024-37079 create significant risk for organizations, potentially leading to complete system compromise and data breaches – incidents which historically cost organizations millions in remediation and fines.

Key Insights

  • CVE-2024-37079 (CVSS 9.8): A heap overflow in the DCE/RPC protocol implementation allowing remote code execution.
  • DCE/RPC Vulnerabilities: Researchers identified a suite of four related flaws (CVE-2024-37079, CVE-2024-37080, CVE-2024-38812, CVE-2024-38813) impacting the DCE/RPC service.
  • Black Hat Asia 2025: QiAnXin LegendSec researchers Hao Zheng and Zibo Li presented their findings on these vulnerabilities, highlighting the potential for full ESXi compromise by chaining them.

Practical Applications

  • Use Case: Large enterprises that run VMware vCenter for virtualization are now required to prioritize patching to mitigate the risk of exploitation.
  • Pitfall: Relying on vulnerability scanners without proactive threat intelligence feeds (such as the KEV catalog) may delay detection and remediation of actively exploited flaws like CVE-2024-37079.
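One way to close the gap the pitfall describes is to join scanner output against the KEV feed and rank by KEV due date rather than by CVSS alone. The following is an added example, not code from the article or from CISA; the record field names (cveID, vendorProject, product, dateAdded, dueDate, requiredAction) match the public KEV JSON feed, but the feed excerpt, due dates, required-action text and scanner rows are constructed sample data.

```python
import json
from datetime import date

# Constructed excerpt in the shape of the KEV feed. dateAdded is the date from
# the article; dueDate and requiredAction are placeholders, not catalog values.
KEV_FEED_JSON = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2024-37079", "vendorProject": "VMware", "product": "vCenter Server",
         "dateAdded": "2026-01-24", "dueDate": "2026-02-14",
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-2024-38812", "vendorProject": "VMware", "product": "vCenter Server",
         "dateAdded": "2026-01-24", "dueDate": "2026-02-14",
         "requiredAction": "Apply mitigations per vendor instructions."},
    ],
})

# Constructed scanner export: one row per (host, CVE) finding. CVE-2024-37080
# carries the same CVSS score but is deliberately absent from the sample feed.
SCANNER_FINDINGS = [
    {"host": "vcsa01.corp.example", "cve": "CVE-2024-37079", "cvss": 9.8},
    {"host": "vcsa01.corp.example", "cve": "CVE-2024-37080", "cvss": 9.8},
    {"host": "vcsa02.corp.example", "cve": "CVE-2024-38812", "cvss": 9.8},
    {"host": "build01.corp.example", "cve": "CVE-0000-00000", "cvss": 7.5},  # placeholder id
]

def load_kev(feed_json):
    """Index the KEV feed by CVE id for constant-time lookups."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}

def prioritize(findings, kev, today):
    """Return the findings that appear in KEV, most urgent first.

    Sort key: overdue (past the KEV dueDate) first, then earliest due date,
    then CVSS descending. Each hit carries the due date and days remaining.
    """
    hits = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry is None:
            continue  # a high CVSS score alone does not make a finding KEV-listed
        due = date.fromisoformat(entry["dueDate"])
        hits.append({**f, "due": due.isoformat(), "days_left": (due - today).days,
                     "action": entry["requiredAction"]})
    hits.sort(key=lambda h: (h["days_left"] >= 0, h["days_left"], -h["cvss"]))
    return hits
```

Feeding the real feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json) into `load_kev` in place of the constructed excerpt gives the same ranking over live data.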

