Connect with us

Hi, what are you looking for?

Technology

CISA Flags VMware Vulnerability as Critical Federal Threat

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical vulnerability in VMware’s software, which poses significant risks to federal systems. This flaw, designated as CVE-2024-37079, affects the centralized management utility of VMware’s vCenter Server, developed by Broadcom. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the potential for serious security breaches.

The exploit allows for remote code execution (RCE) or privilege escalation through specially crafted network packets. This vulnerability arises from a heap-overflow issue within the Distributed Computing Environment/Remote Procedure Calls (DCE/RPC), a framework enabling programs to call procedures on remote systems as though they were local. Notably, this vulnerability has received a critical Common Vulnerability Scoring System (CVSS) rating of 9.8.

Security Measures and Exploitation in the Wild

Broadcom responded to the discovery of this vulnerability by issuing patches for versions 7.0 and higher of vCenter Server in 2024. Despite these updates, CISA has reported instances of exploitation in the wild. The agency has stated that it remains unclear whether this vulnerability has been leveraged in any ransomware attacks to date.

This incident follows a recent security briefing from the National Security Agency (NSA) and CISA, which revealed another critical exploit affecting VMware vSphere. This particular breach enabled malicious actors to extract credentials by accessing cloned virtual machine (VM) snapshots and create rogue VMs using vCenter servers and the VMware ESXi hypervisor.

In a separate development earlier this month, another VMware exploitation campaign emerged. Attackers employed a custom exploit chain to escape from a VMware guest VM, executing malicious code directly on the ESXi hypervisor. Similar to the previous vulnerabilities discussed by the NSA, this guest-to-host exploit has been linked to threat actors operating from regions where Chinese is predominantly spoken.

As organizations continue to navigate the complexities of cybersecurity, the importance of timely updates and awareness of potential vulnerabilities cannot be overstated. The ongoing scrutiny of VMware’s software underscores the critical nature of maintaining robust security measures in an increasingly interconnected digital landscape.

You May Also Like

Entertainment

The 15th annual Friends of the Library of Hawaiʻi Music & Book Sale took place on January 18, 2026, at Ward Centre in Honolulu,...

World

The U.S. Department of War marked the transition from 2025 to 2026 with significant updates, culminating in the historic capture of Venezuelan leader Nicolás...

World

U.S. futures experienced a decline on Monday as markets across Asia showed notable gains. This shift occurred after Federal Reserve Chair Jerome Powell revealed...

Technology

A new magnetic-suspension hoverboard has emerged, thanks to YouTuber Colin Furze. This innovative creation, which revisits a concept popularized by the film Back to...

Top Stories

URGENT UPDATE: A vintage stoplight has been stolen from a home in Guthrie, and the owners are in a race against time to recover...

Top Stories

UPDATE: Major revelations about the highly anticipated second season of Heated Rivalry have just surfaced, igniting excitement among fans eager to see how the...

Sports

Following a gripping match on December 29, 2023, episode of WWE RAW, Nikki Bella took the opportunity to clarify the distinctiveness of her submission...

Health

A long-term study has uncovered that significant declines in physical fitness and strength commence around age 35 and persist through midlife. The research, conducted...

Sports

Jacob Laverman has transformed his early life on a farm in Ocheyedan, Iowa, into a thriving career in sports medicine, culminating in a prominent...

Top Stories

UPDATE: The highly anticipated Rose Bowl featuring the Alabama Crimson Tide against the Indiana Hoosiers kicks off today at 4:00 PM ET in Pasadena,...

Education

After a prolonged budget impasse, Pennsylvania’s school districts are set to benefit from a newly adopted state budget of $50.09 billion, which includes substantial...

Science

A small research team is revealing the rapid growth of datacenter infrastructure in the United States through innovative mapping techniques. According to a report...

Top Stories

Beeks Financial Cloud Group (LON: BKS) announced its quarterly earnings on December 18, 2023, revealing a profit of GBX 0.75 per share. The company’s...

Health

New dietary guidelines issued by the U.S. Department of Health and Human Services are urging parents to limit added sugars in their children’s diets...

Technology

Samsung is reportedly set to enhance the battery performance of its upcoming Galaxy Watch 9. According to a recent leak, the smartwatch may feature...

World

American Airlines has announced plans to resume nonstop flights from the United States to Venezuela, marking a significant move as the first U.S. airline...

Copyright © All rights reserved. This website provides general news and educational content for informational purposes only. While we strive for accuracy, we do not guarantee the completeness or reliability of the information presented. The content should not be considered professional advice of any kind. Readers are encouraged to verify facts and consult appropriate experts when needed. We are not responsible for any loss or inconvenience resulting from the use of information on this site.