CISA Warns: Critical VMware vCenter RCE Vulner Vulnerability Exploited

A critical vulnerability impacting Broadcom’s VMware vCenter Server has been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog.

This addition confirms that active exploitation of CVE-2024-37079 has been detected in the wild, posing a significant risk to enterprise environments that rely on vCenter for virtualization management.

The vulnerability, originally disclosed by Broadcom, is classified as an out-of-bounds write issue situated within the implementation of the DCERPC (Distributed Computing Environment / Remote Procedure Calls) protocol.

Successful exploitation allows a malicious actor with network access to the vCenter Server to execute remote code, potentially gaining full control over the affected system.

Technical Analysis of CVE-2024-37079

This flaw stems from improper memory handling in the DCERPC protocol implementation. An unauthenticated attacker can trigger the vulnerability by sending specially crafted network packets to the vCenter Server.

Because vCenter Server is the centralized management utility for managing VMware vSphere environments, a compromise here often provides attackers with lateral movement capabilities across the entire virtualized infrastructure.

While the vulnerability is associated with CWE-787 (Out-of-bounds Write), it is particularly dangerous because it does not require user interaction. The attack vector is strictly network-based.

Although CISA’s current data lists the “Known To Be Used in Ransomware Campaigns” status as “Unknown,” the nature of the flaw makes it a highly attractive entry point for initial access brokers and ransomware groups.

CISA Mandate and Remediation

By adding CVE-2024-37079 to the KEV catalog on January 23, 2026, CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies remediate this vulnerability by February 13, 2026.

The agency advises all organizations, not just federal entities, to prioritize patching this flaw immediately. The recommended action is to apply the vendor-provided mitigations or discontinue use of the product if mitigations are unavailable.

Broadcom has released updates for vCenter Server to address this issue, and administrators are urged to upgrade to the latest secure versions.

To secure virtualization infrastructure against this threat, security teams should take the following steps:

• Patch Immediately: Apply the relevant patches provided in Broadcom’s security advisory.
• Network Segmentation: Ensure that vCenter Server interfaces are not exposed to the public internet. Restrict access to the vCenter management interface to trusted administrative networks only.
• Monitor Traffic: Implement network monitoring to detect anomalous DCERPC traffic directed at vCenter servers.
• Review Logs: Audit access logs for unauthorized attempts to connect to the management interface.

With the due date set for mid-February, organizations have a limited window to address this critical exposure before it becomes a standard target for automated exploitation tools.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.