CISA Adds Critical VMware vCenter RCE Flaw to Exploited Vulnerabilities List
CISA has added CVE-2024-37079, a critical remote code execution vulnerability in VMware vCenter Server, to its Known Exploited Vulnerabilities catalog following confirmed active exploitation in the wild.
The flaw affects Broadcom's VMware vCenter Server, the centralized management platform for VMware vSphere environments. Organizations relying on vCenter for virtualization management face significant risk, as compromise of this system can provide attackers with lateral movement capabilities across entire virtualized infrastructures.
Vulnerability Details
CVE-2024-37079 is an out-of-bounds write vulnerability in vCenter Server's DCERPC (Distributed Computing Environment / Remote Procedure Calls) protocol implementation. The flaw stems from improper memory handling that allows unauthenticated attackers to trigger remote code execution by sending specially crafted network packets.
The attack vector is strictly network-based and requires no user interaction, making it particularly dangerous for internet-exposed management interfaces. While CISA has not confirmed use in ransomware campaigns, the vulnerability's characteristics make it highly attractive to initial access brokers and ransomware operators.
CISA Mandate
Federal Civilian Executive Branch agencies must remediate the vulnerability by February 13, 2026. CISA urges all organizations to prioritize patching immediately or discontinue use if mitigations are unavailable.
Recommendations
Organizations should apply patches from Broadcom's security advisory immediately. Security teams should ensure vCenter management interfaces are not exposed to the public internet, restrict access to trusted administrative networks, implement monitoring for anomalous DCERPC traffic, and audit access logs for unauthorized connection attempts.
Broadcom has released updates addressing this vulnerability.
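As an added illustration of the access-restriction and log-audit recommendations above (not code from CISA or Broadcom), the following Python sketch separates connections to vCenter that a firewall allowed from outside the administrative network from those it blocked. The vCenter address, the trusted network and the five-field log layout are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumptions for this sketch (not from the article): the vCenter address,
# the trusted admin network and the log layout are all constructed.
VCENTER = ipaddress.ip_address("10.20.0.10")
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.20.99.0/24")]

# Constructed flow records: timestamp src dst dst_port action
SAMPLE_LOG = """\
2026-01-30T08:01:12Z 10.20.99.15 10.20.0.10 443 allow
2026-01-30T08:03:40Z 10.30.4.77 10.20.0.10 443 allow
2026-01-30T08:03:41Z 10.30.4.77 10.20.0.10 443 allow
2026-01-30T08:05:02Z 203.0.113.50 10.20.0.10 443 deny
2026-01-30T08:05:09Z 203.0.113.50 10.20.0.10 443 deny
2026-01-30T08:06:00Z 10.30.4.77 10.20.0.22 22 allow
malformed line
"""


def audit(log_text, vcenter=VCENTER, trusted=TRUSTED_ADMIN_NETS):
    """Return (exposed, attempts): per-source counts of allowed and denied
    connections to vCenter from outside the trusted admin networks."""
    exposed, attempts = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, _port, action = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with unparsable addresses
        if dst_ip != vcenter or any(src_ip in net for net in trusted):
            continue  # other destination, or a legitimate admin source
        # "allow" means the restriction is missing; anything else was blocked.
        (exposed if action == "allow" else attempts)[str(src_ip)] += 1
    return exposed, attempts


if __name__ == "__main__":
    exposed, attempts = audit(SAMPLE_LOG)
    for src, n in exposed.items():
        print(f"ALLOWED from untrusted source {src}: {n} connection(s)")
    for src, n in attempts.items():
        print(f"blocked attempt(s) from {src}: {n}")
```

Allowed connections from untrusted sources indicate that the access rule itself needs tightening, while blocked ones are the unauthorized attempts worth reviewing.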