PT-2024-4293 · Vmware · Vcenter Server +1

Hao Zheng +3 · Published 2024-06-18 · Updated 2026-02-23 · CVE-2024-37080

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: VMware vCenter Server (affected versions not specified)

Description: The issue is a heap-overflow vulnerability in the implementation of the DCERPC protocol within VMware vCenter Server. A malicious actor with network access can trigger this by sending a specially crafted network packet, potentially leading to remote code execution. The vulnerability is due to improper memory handling during the processing of DCERPC protocol requests. The DCERPC protocol is a remote procedure call mechanism used for communication between different components of the vCenter Server. Exploitation allows an unauthenticated attacker to execute arbitrary code on the server.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Memory Corruption

Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2024-04780
CVE-2024-37080

Affected Products

Vmware Vcenter
Vcenter Server