Full Report
If you skipped it back then, now's a very good time. You've got to keep your software updated. Some unknown miscreants are exploiting a critical VMware vCenter Server bug more than a year after Broadcom patched the flaw…
Analysis Summary
# Vulnerability: Critical VMware vCenter Server Out-of-Bounds Write Exploited
## CVE Details
- CVE ID: CVE-2024-37079
- CVSS Score: 9.8 (Critical)
- CWE: Out-of-bounds Write (Implied by description)
## Affected Systems
- Products: VMware vCenter Server
- Versions: Details on specific vulnerable versions are not listed, but the patch was released prior to June 18, 2024.
- Configurations: Systems accessible over the network using the DCERPC protocol.
## Vulnerability Description
This critical vulnerability is an Out-of-Bounds Write flaw in the implementation of the DCERPC (Distributed Computing Environment/Remote Procedure Calls) protocol within VMware vCenter Server. A remote, unauthenticated attacker with network access to the server can trigger it by sending specially crafted network packets; successful exploitation has the potential to lead to remote code execution.
## Exploitation
- Status: Exploited in the wild (Confirmed by Broadcom and CISA KEV listing)
- Complexity: Low (Implied by network access vector and critical rating)
- Attack Vector: Network
## Impact
- Confidentiality: Likely High (Potential for RCE usually implies arbitrary read/write capabilities)
- Integrity: High (Potential for Remote Code Execution)
- Availability: High (Potential for Remote Code Execution leading to system compromise)
## Remediation
### Patches
- Patches were made available by Broadcom prior to June 18, 2024. Users must apply the relevant security update provided by Broadcom for their specific vCenter Server version.
### Workarounds
- Ensure vCenter Server is **never** exposed directly to the public internet. Attackers are likely gaining access via an existing foothold in the victim environment.
## Detection
- **Indicators of Compromise:** While specific IOCs are not detailed, monitoring network traffic destined for vCenter Server, particularly unusual DCERPC activity, is recommended.
- **Detection Methods and Tools:** Refer to Broadcom's security advisory for the fixed-version details needed to confirm patch deployment and to run post-patch compliance checks. Cross-reference CISA's KEV listing for current threat activity.
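The detection guidance above (watch DCERPC traffic to vCenter, and treat any path to it from outside the expected management network as suspicious, since the advisory notes attackers are likely reaching it from an existing foothold) can be turned into a simple allowlist check. The following is an added example, not code from the advisory, Broadcom or CISA; the vCenter address, the DCERPC port numbers, the management subnet and the log lines are all constructed assumptions to be replaced with your own values.

```python
import ipaddress

# Assumptions (not stated in the advisory): the vCenter appliance address,
# the TCP ports its DCERPC-based services listen on, and the management
# subnet from which vCenter administration traffic is expected.
VCENTER_HOST = "10.0.5.10"
DCERPC_PORTS = {2012, 2014, 2020}
MANAGEMENT_NETS = [ipaddress.ip_network("10.0.5.0/24")]

# Constructed sample connection log, one flow per line: src_ip dst_ip dst_port
SAMPLE_LOG = """\
10.0.5.21 10.0.5.10 443
10.0.5.21 10.0.5.10 2014
10.0.8.77 10.0.5.10 2012
172.16.40.3 10.0.5.10 2020
10.0.8.77 10.0.9.3 2012
malformed line
"""


def is_management_source(ip: str) -> bool:
    """True if the source address falls inside an allowlisted management net."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MANAGEMENT_NETS)


def classify(line: str):
    """Return (src, port) for a DCERPC flow to vCenter from outside the
    management subnet, or None if the line is benign or unparseable."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].isdigit():
        return None
    src, dst, port = parts[0], parts[1], int(parts[2])
    if dst != VCENTER_HOST or port not in DCERPC_PORTS:
        return None
    try:
        if is_management_source(src):
            return None
    except ValueError:  # unparseable source address: surface it anyway
        pass
    return (src, port)


def findings(log_text: str):
    """Collect every suspicious vCenter DCERPC flow in the log."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for src, port in findings(SAMPLE_LOG):
        print(f"ALERT: DCERPC to vCenter {VCENTER_HOST}:{port} from {src}")
```

Flows from inside the management subnet and non-DCERPC ports are ignored, so the two internal hosts outside the allowlist are the only alerts raised from the sample log.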
## References
- Vendor Advisory: hxxps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
- CISA KEV Listing: hxxps://www.cisa.gov/news-events/alerts/2026/01/23/cisa-adds-one-known-exploited-vulnerability-catalog
- Technical Details (ZDI): hxxps://www.zerodayinitiative.com/blog/2024/8/27/cve-2024-37079-vmware-vcenter-server-integer-underflow-code-execution-vulnerability