CVE-2024-37079 & CVE-2024-37080: Critical Heap-overflow Remote Code Execution Vulnerabilities in VMware vCenter Server and Cloud Foundation


On June 17, 2024, VMware disclosed two critical vulnerabilities (CVE-2024-37079 & CVE-2024-37080) affecting vCenter Server and Cloud Foundation. Both stem from a heap-overflow issue in the implementation of the DCERPC protocol. By sending specially crafted network packets, a remote threat actor could exploit CVE-2024-37079 and CVE-2024-37080 to achieve Remote Code Execution (RCE) on both vCenter Server and Cloud Foundation systems.

Both vulnerabilities were responsibly reported to VMware by security researchers. Arctic Wolf has not identified any publicly available proof of concept (PoC) exploits for these vulnerabilities. Furthermore, VMware has confirmed that there have been no observed exploits of CVE-2024-37079 and CVE-2024-37080. However, threat actors have targeted multiple previous vulnerabilities in VMware vCenter Server and Cloud Foundation, and those vulnerabilities are listed in CISA’s Known Exploited Vulnerabilities Catalog.

Recommendations for CVE-2024-37079 & CVE-2024-37080 

Arctic Wolf strongly recommends updating to the latest version of vCenter and Cloud Foundation. Please follow your organization’s patching and testing guidelines to avoid any operational impact. 

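| Product | Vulnerability | Affected Version | Fixed Version |
|---|---|---|---|
| vCenter Server | CVE-2024-37079, CVE-2024-37080 | 8.0 | |
| vCenter Server | CVE-2024-37079, CVE-2024-37080 | 7.0 | 7.0 U3r |
| Cloud Foundation | CVE-2024-37079, CVE-2024-37080 | 5.x | KB88287 |
| Cloud Foundation | CVE-2024-37079, CVE-2024-37080 | 4.x | KB88287 |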


Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.