CVE-2024-37079 - Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability

Vulnerability Name

Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability

Description

Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious actor with network access to vCenter Server to send specially crafted network packets, potentially leading to remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

https://nvd.nist.gov/vuln/detail/CVE-2024-37079

Related News Articles

CISA: VMware ESXi flaw now exploited in ransomware attacksFebruary 5, 2026

CISA says critical VMware RCE flaw now actively exploitedJanuary 26, 2026

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV CatalogJanuary 24, 2026