VMWare Products Multiple Vulnerabilities

Release Date: 26 Jan 2026

RISK: Extremely High Risk

TYPE: Operating Systems - VM Ware

Multiple vulnerabilities were identified in VMware products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege and remote code execution on the targeted system.

 

Note: CVE-2024-37079 is actively exploited in the wild. A malicious actor with network access to vCenter Server may trigger CVE-2024-37079 by sending specially crafted network packets, potentially leading to remote code execution. Hence, the risk level is rated as Extremely High Risk.

---

Impact

• Remote Code Execution
• Elevation of Privilege

---

System / Technologies affected

• VMware  vCenter Server 7.0
• VMware  vCenter Server 8.0
• VMware Cloud Foundation 4.x
• VMware Cloud Foundation 5.x

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

• Apply fixes issued by the vendor:
• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

---

Vulnerability Identifier

• CVE-2024-37079
• CVE-2024-37080
• CVE-2024-37081

---

Source

• VMware

---

Related Link

• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453