Tag

CVE-2024-37079

All articles tagged with #cve 2024 37079

CISA Tightens Patch Deadline for Actively Exploited VMware vCenter RCE
technology, 1 month ago

CISA warns that the VMware vCenter Server remote-code-execution flaw CVE-2024-37079 is being actively exploited in the wild and orders U.S. federal agencies to patch within three weeks, citing a DCERPC heap overflow that enables easy remote control with no user interaction. Broadcom notes there are no mitigations and advises immediately patching to the latest vCenter Server and Cloud Foundation releases.

CISA Flags VMware vCenter RCE Flaw CVE-2024-37079 as Actively Exploited
security, 1 month ago

CISA added CVE-2024-37079, a critical heap-overflow flaw in Broadcom VMware vCenter Server, to the KEV catalog after evidence of active exploitation. Broadcom patched CVE-2024-37079 (and CVE-2024-37080) in June 2024, with researchers Hao Zheng and Zibo Li linking related DCE/RPC flaws. A Black Hat Asia 2025 presentation notes two additional CVEs (CVE-2024-38812 and CVE-2024-38813) patched later, and federal agencies must upgrade to the latest version by Feb 13, 2026 to stay protected.