Broadcom Releases Critical Security Updates for VMware vCenter Server and Cloud Foundation

Summary

Advisory addresses three vulnerabilities that could result in privilege escalation or remote code execution


Threat details

Exploitation of CVE-2024-37079

Broadcom has updated the initial advisory to state that there is information to suggest that exploitation of CVE-2024-37079 has occurred in the wild.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-37079 to its Known Exploited Vulnerabilities (KEV) Catalog.

Proof-of-concept exploit code for CVE-2024-37081 has been publicly released. Exploitation is considered more likely.


Introduction

Broadcom has issued an advisory addressing three security vulnerabilities in VMware vCenter Server, the centralised management utility for virtual machines and hosts, and VMware Cloud Foundation, the private cloud platform.


Vulnerability details

  • CVE-2024-37079 is a heap-overflow vulnerability in VMware vCenter Server with a CVSSv3 score of 9.8. A malicious attacker with network access to vCenter Server could trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.
  • CVE-2024-37080 is also a heap-overflow vulnerability in VMware vCenter Server with a CVSSv3 score of 9.8. A malicious attacker with network access to vCenter Server could trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.
  • CVE-2024-37081 is a privilege escalation vulnerability in vCenter Server with a CVSSv3 score of 7.8. An authenticated local attacker with non-administrative privileges could exploit this issue to elevate privileges to root on the vCenter Server Appliance.


Threat updates

Date         Update
26 Jan 2026  Exploitation of CVE-2024-37079 observed in the wild.
9 Jul 2024   Proof-of-concept released for exploitation of CVE-2024-37081.

Remediation advice

Affected organisations are encouraged to review Broadcom's VMware advisory VMSA-2024-0012 and apply the relevant updates.



Last edited: 26 January 2026 12:10 pm