CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2024-37079

CVSS 9.8v3.1pub. 2024-06-18upd. 2026-01-26

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

🤖 AI Analysis
How it works

An attacker with network access to vCenter Server can send a specially crafted network packet that triggers a heap overflow during DCERPC protocol processing. A write error outside buffer boundaries (CWE-787) can lead to hijacking control of the process execution flow. As a result, remote execution of arbitrary code (RCE) is possible without the need for any privileges or user interaction.

Impact

An attacker can gain the ability to execute code remotely on the vCenter Server, which in practice means complete takeover of control over the virtual infrastructure management environment.

Mitigation & patch

Patches available from the vendor should be applied according to the references — detailed information about patched versions can be found in the Broadcom bulletin: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

Who is affected

VMware vCenter Server and VMware Cloud Foundation — versions indicated in the vendor's references (Broadcom advisory number 24453)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • VMware Cloud Foundation

    APP
    Vmware
    4.0 – 5.2 (bez)
  • VMware Vcenter Server

    APP
    Vmware
    7.08.0

CISA KEV — detailsi

Vendori
Broadcom
Producti
VMware vCenter Server
Added to KEVi
January 23, 2026
Remediation deadline (US Federal)i
February 13, 2026(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious actor with network access to vCenter Server to send specially crafted network packets, potentially leading to remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 13 lutego 2026
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-22224CRITICAL9.3⚠ KEVPL ✓ten sam produkt

VMware ESXi/Workstation: TOCTOU umożliwia ucieczkę z VM przez VMX process

CVE-2024-38812CRITICAL9.8⚠ KEVPL ✓ten sam produkt

VMware vCenter Server — heap-overflow w DCERPC umożliwia RCE

CVE-2023-34048CRITICAL9.8⚠ KEVten sam produkt

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A m...

CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...

CVE-2021-22005CRITICAL9.8⚠ KEVten sam produkt

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor...