"The vulnerability in question is CVE-2024-37079 (CVSS score: 9.8), which refers to a heap overflow in the implementation of the DCE/RPC protocol that could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet. It was resolved by Broadcom in June 2024, along with CVE-2024-37080, another heap overflow in the implementation of the DCE/RPC protocol that could lead to remote code execution."
"It's currently not known how CVE-2024-37079 is being exploited, if it's the work of any known threat actor or group, or the scale of such attacks. However, Broadcom has since updated its advisory to officially confirm in-the-wild abuse of the vulnerability. "Broadcom has information to suggest that exploitation of CVE-2024-37079 has occurred in the wild," the company said in its update."
CVE-2024-37079 is a CVSS 9.8 heap overflow in VMware vCenter Server's DCE/RPC implementation that can enable remote code execution via a crafted network packet from an attacker with network access. Broadcom patched CVE-2024-37079 and CVE-2024-37080 in June 2024 and later patched CVE-2024-38812 and CVE-2024-38813 in September 2024. Researchers reported a set of four vulnerabilities in the DCE/RPC service, including three heap overflows and one privilege escalation, and demonstrated that a heap overflow can chain with CVE-2024-38813 to achieve unauthorized root access and control of ESXi. CISA added CVE-2024-37079 to the Known Exploited Vulnerabilities catalog after evidence of active exploitation, and Federal Civilian Executive Branch agencies are required to update to the latest version.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]