PT-2024-4164 · VMware · vCenter Server +1
Hao Zheng +3
Published 2024-06-18 · Updated 2026-05-04
CVE-2024-37079
CVSS v3.1: 10 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
VMware vCenter Server versions prior to 8.0U2d, 8.0U1e, and 7.0U3r
Description
VMware vCenter Server contains a heap-overflow vulnerability in its implementation of the DCERPC protocol. This out-of-bounds write can be triggered by a malicious actor with network access to vCenter Server who sends a specially crafted network packet, potentially leading to remote code execution. The vulnerability is being actively exploited in the wild, and CISA has added it to its Known Exploited Vulnerabilities Catalog. Because vCenter Server manages the hypervisor estate, successful exploitation can enable broad takeover of, and lateral movement across, an organization's virtual infrastructure. The vulnerability is rated with a CVSS score of 9.8, indicating critical severity.
Recommendations
Update VMware vCenter Server to version 8.0U2d or later.
Update VMware vCenter Server to version 8.0U1e or later.
Update VMware vCenter Server to version 7.0U3r or later.
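The three recommendations above each name a fixed release on a separate vCenter update line, so deciding whether a given deployment is patched means comparing against the fix for its own line (7.0 U3 needs at least "r", 8.0 U1 at least "e", 8.0 U2 at least "d"). The following is an added example, not code from the advisory or from VMware, that parses version strings written in the advisory's "8.0U2d" naming form and triages an inventory against the fix list on this page. It assumes the release lines and letter ordering shown here; releases on a listed line that are newer than every listed fix are treated as not affected, following the advisory's "prior to" wording, and lines the advisory does not list are reported as not covered rather than guessed at. Mapping the numeric version and build strings the appliance actually reports onto this naming form is left to the reader (the vendor's release notes publish that mapping); the host names and versions in `SAMPLE_INVENTORY` are constructed for the demonstration.

```python
import re
from typing import Dict, List, NamedTuple

# Fixed releases exactly as listed in the advisory, keyed by release line (assumption:
# this list is the only source of truth the check uses).
FIXED_VERSIONS = {
    "7.0": ["7.0U3r"],
    "8.0": ["8.0U1e", "8.0U2d"],
}

# Accepts "7.0", "8.0U2", "8.0U2d" (major.minor, optional update number, optional patch letter).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:U(\d+)([a-z])?)?$", re.IGNORECASE)


class VcVersion(NamedTuple):
    line: str    # release line, e.g. "8.0"
    update: int  # update number; 0 for the GA release of the line
    patch: int   # patch letter as a rank: 0 = none, 1 = "a", 2 = "b", ...


def parse_version(text: str) -> VcVersion:
    """Parse an advisory-style vCenter version string such as '8.0U2d'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    major, minor, update, letter = m.groups()
    return VcVersion(
        line=f"{major}.{minor}",
        update=int(update) if update else 0,
        patch=(ord(letter.lower()) - ord("a") + 1) if letter else 0,
    )


def assess(version_text: str) -> str:
    """Return 'fixed', 'vulnerable' or 'not-covered' for one version string."""
    v = parse_version(version_text)
    fixes = FIXED_VERSIONS.get(v.line)
    if fixes is None:
        # The advisory lists no fix for this line (e.g. an end-of-life branch); do not guess.
        return "not-covered"
    # NamedTuple ordering is (line, update, patch), which is the order we want.
    fixed = sorted(parse_version(f) for f in fixes)
    if v.update > fixed[-1].update:
        # Newer update release than any listed fix: not "prior to" it (assumption, see lead-in).
        return "fixed"
    for f in fixed:
        if v.update == f.update:
            # Same update line as a listed fix: the patch letter decides.
            return "fixed" if v.patch >= f.patch else "vulnerable"
    # Older update release than a listed fix on this line, i.e. prior to it.
    return "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by assessment so the vulnerable ones can be patched first."""
    groups: Dict[str, List[str]] = {"vulnerable": [], "fixed": [], "not-covered": []}
    for host, version in inventory.items():
        groups[assess(version)].append(host)
    return groups


# Constructed sample inventory (hypothetical hosts and versions, not real systems).
SAMPLE_INVENTORY = {
    "vcsa-prod-01": "8.0U2d",
    "vcsa-prod-02": "8.0U2",
    "vcsa-dr-01": "8.0U1e",
    "vcsa-lab-01": "7.0U3q",
    "vcsa-legacy-01": "6.7U3",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12s} {', '.join(hosts) or '-'}")
```

Run against a real inventory, the "vulnerable" group is the patch queue and the "not-covered" group is the list that needs a manual look, since a version the advisory does not mention is not evidence that the host is safe.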
Fix
LPE
RCE
Memory Corruption
Heap Based Buffer Overflow
Related Identifiers
Affected Products
VMware vCenter
vCenter Server