
CISA has added a critical VMware vCenter Server vulnerability to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The flaw is tracked as CVE‑2024‑37079 with a CVSS score of 9.8. It was originally patched in June 2024 and stems from a heap overflow weakness in vCenter Server’s DCERPC protocol implementation. Review the Cybersecurity Threat Advisory now for more information to protect your and your clients’ environments.
What is the threat?
CVE‑2024‑37079 is a heap overflow vulnerability within the Distributed Computing Environment/Remote Procedure Calls (DCERPC) protocol used by vCenter Server. Improper bounds checking during network packet processing can cause a heap memory overflow, enabling remote code execution.
Why is it noteworthy?
Although VMware issued patches in June 2024 for vCenter Server 7.0 and later, CISA has now confirmed that attackers are exploiting this vulnerability in the wild. While it remains unclear whether the flaw has been used in ransomware campaigns, CISA notes that CVE‑2024‑37079 is a common attack vector for malicious actors.
What is the exposure or risk?
Organizations running VMware vCenter Server face significant risk. Threat actors can send specially crafted network packets to trigger remote code execution. The attack is low‑complexity, requires no privileges on the target system, and does not rely on user interaction—making it particularly attractive for adversaries seeking rapid privilege escalation within a network.
What are the recommendations?
Barracuda recommends taking the following steps to reduce exposure and mitigate risk:
- Apply all VMware vCenter Server security patches immediately.
- Limit network access to vCenter management interfaces so they are only reachable from trusted administrative networks.
- Use strict network segmentation around vCenter Server to contain potential lateral movement.
- Monitor access logs for unusual activity, including crafted packets or signs of memory‑corruption attempts.
- Enforce multi‑factor authentication (MFA) for all administrative and privileged accounts.
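To check the network-access and log-monitoring recommendations against real traffic, the following added example (not part of the original advisory or any Barracuda or VMware tooling) audits firewall flow records for sources outside the trusted administrative networks that reach a vCenter address. The addresses, networks and the "src dst dport action" record layout are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the advisory): every address, network and the
# "src dst dport action" record layout below is constructed sample data.
VCENTER_HOSTS = {ipaddress.ip_address("10.20.0.10")}
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.99.0.0/24")]

SAMPLE_FLOWS = """\
10.99.0.15 10.20.0.10 443 ALLOW
10.30.4.77 10.20.0.10 443 ALLOW
10.30.4.77 10.20.0.10 5480 DENY
192.0.2.50 10.20.0.10 443 DENY
10.30.4.77 10.20.0.11 443 ALLOW
malformed line
"""

def audit_flows(text, vcenter_hosts=VCENTER_HOSTS, trusted=TRUSTED_ADMIN_NETS):
    """Return {source_ip: {"ALLOW": n, "DENY": n}} for flows aimed at a
    vCenter address from outside the trusted administrative networks."""
    findings = defaultdict(lambda: {"ALLOW": 0, "DENY": 0})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than guessing
        src_s, dst_s, _dport, action = parts
        try:
            src = ipaddress.ip_address(src_s)
            dst = ipaddress.ip_address(dst_s)
        except ValueError:
            continue  # not an IP address: ignore the record
        if dst not in vcenter_hosts or action not in ("ALLOW", "DENY"):
            continue
        if any(src in net for net in trusted):
            continue  # expected administrative traffic
        findings[str(src)][action] += 1
    return dict(findings)

def segmentation_gaps(findings):
    """Sources whose traffic was permitted: the rule set needs tightening."""
    return sorted(ip for ip, c in findings.items() if c["ALLOW"] > 0)

if __name__ == "__main__":
    result = audit_flows(SAMPLE_FLOWS)
    for ip, counts in sorted(result.items()):
        print(ip, counts)
    print("permitted from untrusted sources:", segmentation_gaps(result))
```

Sources that appear only with DENY counts show the restriction working but are still worth reviewing as probing; any source returned by `segmentation_gaps` means the management interface is reachable from outside the administrative network.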
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.
This post originally appeared on Smarter MSP.

