Critical VMware vCenter Vulnerability Added to CISA’s Exploited Flaws Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-37079, a critical vulnerability in Broadcom’s VMware vCenter Server, to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in the wild. The flaw, disclosed by Broadcom, is an out-of-bounds write issue in the DCERPC protocol implementation, allowing unauthenticated attackers with network access to execute code remotely and potentially gain full control of affected systems.
As the centralized management platform for VMware vSphere environments, a compromised vCenter Server could enable lateral movement across virtualized infrastructure, making this a high-risk threat for enterprises. The vulnerability (CWE-787) requires no user interaction, increasing its appeal to initial access brokers and ransomware groups, though CISA has not yet confirmed its use in ransomware campaigns.
CISA’s addition of the flaw to the KEV catalog on January 23, 2026, mandates that Federal Civilian Executive Branch (FCEB) agencies remediate it by February 13, 2026. Broadcom has released patches, and organizations are advised to upgrade to the latest secure versions of vCenter Server. Additional mitigation measures include network segmentation to restrict vCenter access to trusted administrative networks, monitoring for anomalous DCERPC traffic, and auditing access logs for unauthorized attempts.
With the remediation deadline approaching, enterprises must act swiftly to prevent exploitation by automated attack tools.
Source: https://cybersecuritynews.com/vmware-vcenter-rce-vulnerability/
"id": "VMWFED1769279335",
"linkid": "vmware, federal-bank",
"type": "Vulnerability",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Enterprises using VMware vCenter Server',
                        'industry': 'Information Technology',
                        'name': 'Broadcom (VMware)',
                        'type': 'Technology/Virtualization'}],
 'attack_vector': 'Network access to vCenter Server via DCERPC protocol',
 'description': 'CISA has added CVE-2024-37079, a critical vulnerability in Broadcom’s VMware vCenter Server, to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in the wild. The flaw is an out-of-bounds write issue in the DCERPC protocol implementation, allowing unauthenticated attackers with network access to execute remote code and potentially gain full control of affected systems. A compromised vCenter Server could enable lateral movement across virtualized infrastructure, posing a high-risk threat to enterprises.',
 'impact': {'operational_impact': 'Potential full control of virtualized environments, lateral movement',
            'systems_affected': 'VMware vCenter Server, virtualized infrastructure'},
 'initial_access_broker': {'entry_point': 'Unauthenticated network access to vCenter Server via DCERPC protocol',
                           'high_value_targets': 'Virtualized infrastructure, enterprise environments'},
 'investigation_status': 'Active exploitation confirmed, remediation deadline set for FCEB agencies',
 'motivation': 'Initial access for lateral movement, potential ransomware deployment',
 'post_incident_analysis': {'corrective_actions': 'Patch management, network segmentation, enhanced monitoring',
                            'root_causes': 'Out-of-bounds write vulnerability (CWE-787) in DCERPC protocol implementation'},
 'recommendations': 'Upgrade to the latest secure versions of vCenter Server, implement network segmentation, monitor for anomalous DCERPC traffic, and audit access logs for unauthorized attempts.',
 'references': [{'source': 'CISA Known Exploited Vulnerabilities Catalog'}],
 'regulatory_compliance': {'regulatory_notifications': 'CISA KEV catalog addition mandates remediation for FCEB agencies by February 13, 2026'},
 'response': {'containment_measures': 'Network segmentation to restrict vCenter access to trusted administrative networks',
              'enhanced_monitoring': 'Monitoring for anomalous DCERPC traffic, auditing access logs for unauthorized attempts',
              'network_segmentation': 'Recommended',
              'remediation_measures': 'Upgrade to the latest secure versions of vCenter Server'},
 'title': 'Critical VMware vCenter Vulnerability Added to CISA’s Exploited Flaws Catalog',
 'type': 'Remote Code Execution (RCE)',
 'vulnerability_exploited': 'CVE-2024-37079 (CWE-787 - Out-of-bounds Write)'}