CISA Warns of Critical VMware vCenter RCE Vulnerability Exploited in Attacks
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom\u2019s VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n
This addition confirms that active exploitation of CVE-2024-37079<\/a> has been detected in the wild, posing a significant risk to enterprise environments that rely on vCenter for virtualization management.<\/p>\n The vulnerability, originally disclosed by Broadcom, is classified as an out-of-bounds write issue situated within the implementation of the DCERPC (Distributed Computing Environment \/ Remote Procedure Calls) protocol.<\/p>\n Successful exploitation allows a malicious actor with network access to the vCenter Server to execute remote code, potentially gaining full control over the affected system.<\/p>\n This flaw stems from improper memory handling in the DCERPC protocol implementation. An unauthenticated attacker can trigger the vulnerability by sending specially crafted network packets to the vCenter Server.<\/p>\n Because vCenter Server is the centralized management utility for managing VMware vSphere environments, a compromise here often provides attackers with lateral movement capabilities across the entire virtualized infrastructure.<\/p>\n While the vulnerability is associated with CWE-787 (Out-of-bounds Write<\/a>), it is particularly dangerous because it does not require user interaction. The attack vector is strictly network-based.<\/p>\n Although CISA\u2019s current data lists the \u201cKnown To Be Used in Ransomware Campaigns\u201d status as \u201cUnknown,\u201d the nature of the flaw makes it a highly attractive entry point for initial access brokers and ransomware groups.<\/p>\n By adding CVE-2024-37079 to the KEV catalog on January 23, 2026, CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies remediate this vulnerability by February 13, 2026.<\/p>\n The agency advises<\/a> all organizations, not just federal entities, to prioritize patching this flaw immediately. The recommended action is to apply the vendor-provided mitigations or discontinue use of the product if mitigations are unavailable. <\/p>\n Broadcom has released<\/a> updates for vCenter Server to address this issue, and administrators are urged to upgrade to the latest secure versions.<\/p>\n To secure virtualization infrastructure against this threat, security teams should take the following steps:<\/p>\n With the due date set for mid-February, organizations have a limited window to address this critical exposure before it becomes a standard target for automated exploitation tools.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post CISA Warns of Critical VMware vCenter RCE Vulnerability Exploited in Attacks<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nTechnical Analysis of CVE-2024-37079<\/strong><\/h2>\n
CISA Mandate and Remediation<\/strong><\/h2>\n
\n