CISA has flagged a critical VMware vCenter Server vulnerability (CVE-2024-37079) as actively exploited and ordered federal civilian agencies to secure affected systems within three weeks. The June 2024 patch fixes a DCERPC heap overflow that allows low-complexity, unauthenticated remote code execution, and Broadcom confirmed active exploitation with no available mitigations beyond applying the update. #CVE-2024-37079 #VMwarevCenter
Key points
- CVE-2024-37079 is a heap overflow in the DCERPC implementation of VMware vCenter Server.
- Attackers with network access can trigger remote code execution using a specially crafted packet without privileges or user interaction.
- Broadcom released patches in June 2024 and confirmed the vulnerability is being exploited in the wild.
- CISA added the flaw to its exploited-in-the-wild catalog and ordered FCEB agencies to remediate within three weeks under BOD 22-01.
- No workarounds exist, so affected organizations must apply vendor patches or discontinue use of the product.