CVE-2024-37079: 
vSphere vCenter Server vulnerability analysis and mitigation

CVE-2024-37079 is a critical heap-overflow vulnerability discovered in VMware vCenter Server's implementation of the DCERPC protocol. The vulnerability was disclosed on June 17, 2024, affecting VMware vCenter Server and Cloud Foundation products. This security flaw was responsibly reported to VMware by security researchers Hao Zheng and Zibo Li from TianGong Team of Legendsec at Qi'anxin Group (VMware Advisory).

The vulnerability is classified as a heap-overflow issue in the DCERPC protocol implementation within vCenter Server. It has received a Critical severity rating with a CVSS v3.1 base score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating the highest level of severity. The vulnerability affects multiple versions of vCenter Server including versions 7.0 and 8.0, as well as Cloud Foundation versions 4.x and 5.x (VMware Advisory).

If successfully exploited, this vulnerability could allow an attacker to achieve remote code execution on affected systems. The critical CVSS score of 9.8 indicates that successful exploitation could result in a complete compromise of the target system's confidentiality, integrity, and availability (VMware Advisory).

VMware has released patches to address this vulnerability. For vCenter Server 8.0, users should upgrade to version 8.0 U2d or 8.0 U1e. For vCenter Server 7.0, users should upgrade to version 7.0 U3r. For Cloud Foundation 5.x and 4.x, users should refer to KB88287. VMware has investigated in-product workarounds but determined they were not viable (VMware Advisory).