CVERadar

CVE-2024-37080

Critical Severity
Vendor: VMware
SVRS: 84/100
CVSSv3: 9.8/10
EPSS: 0.02676/1

CVE-2024-37080 is a critical heap-overflow vulnerability in the DCERPC protocol implementation of VMware vCenter Server. A remote attacker with network access can potentially execute arbitrary code by sending a crafted network packet to the vCenter Server. With a SOCRadar Vulnerability Risk Score (SVRS) of 84, CVE-2024-37080 requires immediate attention and remediation. The high SVRS, combined with its designation as "In The Wild", indicates active exploitation and a heightened risk profile. Successful exploitation could lead to complete system compromise, data breaches, and significant disruption of services. Given the critical role of vCenter Server in managing virtual infrastructure, patching this vulnerability is crucial to maintain the security and integrity of the environment. The associated CWE-787 classifies the flaw as an out-of-bounds write.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-06-18

2025-03-13

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Recently disclosed VMware vCenter Server bugs are actively exploited in attacks
Pierluigi Paganini, 2024-11-18
Threat actors are actively exploiting two VMware vCenter Server vulnerabilities tracked as CVE-2024-38812 and CVE-2024-38813, Broadcom warns. Broadcom warns that the two VMware vCenter Server vulnerabilities CVE-2024-38812 and CVE-2024-38813 are actively exploited in the wild. “Updated advisory to note that VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813.” […]
securityaffairs.co
Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) - Help Net Security
2024-06-18
VMware by Broadcom has fixed two critical vulnerabilities (CVE-2024-37079, CVE-2024-37080) affecting VMware vCenter Server and products that contain it: vSphere and Cloud Foundation. “A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution,” the company said, but noted that they are currently not aware of them being exploited “in the wild”. The vulnerabilities VMware vCenter Server is a popular server management solution
google.com
24th June – Threat Intelligence Report - Check Point Research
2024-06-24
For the latest discoveries in cyber research for the week of 24th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The BlackSuit ransomware group has disrupted operations at CDK Global, a significant provider of IT and digital marketing solutions to the automotive industry, targeting their SaaS platforms across the United States and Canada. This incident led to significant operational disruptions, impacting vehicle sales and dealer services. The BlackSuit ransomware, introduced in May 2023, is reportedly a continuation or new version of what was previously known as the
google.com
July Patch Tuesday review: 142 vulnerabilities, two zero-days, two PoCs
Mike (Action1), 2024-07-09
Here comes July’s Patch Tuesday and the latest edition of Vulnerability Digest from Action1! Microsoft has addressed 142 vulnerabilities, two zero-days (CVE-2024-38112 and CVE-2024-38080) and two have proof of concept (PoC) available. In today’s vulnerability digest, we cover both Microsoft and third-party apps, including Google Chrome, Android, OpenSSH, Splunk, CocoaPods for Swift, Cisco, Juniper, GitLab, FileCatalyst, Siemens, MOVEit Transfer, and VMware.
cve-2024-38080
cve-2024-38112
cve-2024-2973
cve-2024-6387
Emergency patches for vCenter Server
Paulo Brito, 2024-06-19
VMware announced urgent patches for three serious vCenter Server vulnerabilities. They could allow remote code execution or privilege escalation. Two are heap overflows, catalogued as CVE-2024-37079 and CVE-2024-37080 (both with critical severity, CVSS 9.8), and affect the DCERPC protocol implementation. See also: VMware confirms vCenter flaw exploited in attacks; VMware fixes […]
cve-2024-37079
cve-2024-37080
cves
server
24th June – Threat Intelligence Report - Check Point Research - Check Point Research
2024-06-24
For the latest discoveries in cyber research for the week of 24th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The BlackSuit ransomware group has disrupted operations at CDK Global, a significant provider of IT and digital marketing solutions to the automotive industry, targeting their SaaS platforms across the United States and Canada. This incident led to significant operational disruptions, impacting vehicle sales and dealer services. The BlackSuit ransomware, introduced in May 2023, is reportedly a continuation or new version of what was previously
cve-2024-37081
cve-2024-36680
cve-2024-6045
cve-2024-37079
24th June – Threat Intelligence Report
hagarb, 2024-06-24
For the latest discoveries in cyber research for the week of 24th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The BlackSuit ransomware group has disrupted operations at CDK Global, a significant provider of IT and digital marketing solutions to the automotive industry, targeting their SaaS platforms across the United States and […] The post 24th June – Threat Intelligence Report appeared first on Check Point Research
cve-2024-37081
cve-2024-36680
cve-2024-37080
cve-2024-37079

Social Media

New Post: Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) https://t.co/gxX7jnKOrc
Impact on Telco Cloud: Vulnerabilities in vCenter (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081). More details https://t.co/a9Y0IgIC0i https://t.co/NvZyeIG84F
On June 17, 2024, VMware disclosed two critical vulnerabilities (CVE-2024-37079 and CVE-2024-37080) affecting vCenter Server and Cloud Foundation. Find Arctic Wolf's recommendations here. #EndCyberRisk https://t.co/SDNirZK1h3
CVE-2024-37080: another heap-overflow vulnerability in the DCERPC protocol of vCenter Server. It allows an attacker with network access to exploit the heap overflow by sending crafted packets, which can lead to remote code execution.
CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol! They could allow a hacker with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet
On June 17, 2024, VMware disclosed two critical vulnerabilities (CVE-2024-37079 & CVE-2024-37080) affecting vCenter Server and Cloud Foundation. Find Arctic Wolf's recommendations. #EndCyberRisk https://t.co/MSPXb2YqUr
On June 17, 2024, VMware disclosed two critical vulnerabilities (CVE-2024-37079 & CVE-2024-37080) affecting vCenter Server and Cloud Foundation. Find Arctic Wolf's recommendations: https://t.co/yYATid8uAS #EndCyberRisk
🔒 VMware has patched critical vulnerabilities in vCenter Server, addressing remote code execution and privilege escalation issues (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081). Ensure your systems are updated. More info on Broadcom Support Portal. #CyberSecurity #VMware https://t.co/x6swZnUO8B
⚠️VMware/Broadcom has disclosed vulnerabilities with CVE-2024-37079, CVE-2024-37080 and CVE-2024-37081. ⚠️ 👉More info & recommended actions at https://t.co/kpdqWsI28R #itsicherheit #ITSecurity #vmware #handlungsempfehlung #schwachstellen #kissystemhaus https://t.co/2w4YPeRJhA
Quickly built a @pdnuclei template for easy scanning against this fresh vCenter (potential) RCE (+privesc) tagged with VMSA-2024-0012, CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 (https://t.co/4UqezPlj54) Here it is: https://t.co/7fQJcljyY8

Affected Software

Configuration 1
Type | Vendor | Product
App | Vmware | vcenter_server

References

Reference | Link
[email protected] | https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
AF854A3A-2127-422B-91AE-364DA2661108 | https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
[email protected] | https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

CWE Details

CWE ID | CWE Name | Description
CWE-122 | Heap-based Buffer Overflow | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer.
