
"Threat actors have exploited a critical-severity VMware vCenter Server vulnerability disclosed in 2024, according to fresh warnings from CISA and Broadcom. Tracked as CVE-2024-37079 (CVSS score of 9.8), the flaw is described as an out-of-bounds write issue in the Distributed Computing Environment/Remote Procedure Calls (DCERPC) protocol implementation of vCenter Server. Incorrect bounds checking during the processing of network packets could result in an overflow of heap memory, leading to remote code execution. The security defect can be exploited by remote attackers with access to vCenter Server via specially crafted network packets."
"On Friday, the US cybersecurity agency CISA added CVE-2024-37079 to its Known Exploited Vulnerabilities (KEV) catalog, warning federal agencies of its in-the-wild exploitation. Patches for the weakness were released in June 2024. On Friday, VMware parent company Broadcom updated its initial advisory to add a note on the bug's abuse. "Broadcom has information to suggest that exploitation of CVE-2024-37079 has occurred in the wild," the note reads."
CVE-2024-37079 is an out-of-bounds write vulnerability in the DCERPC protocol implementation of VMware vCenter Server with a CVSS score of 9.8. Incorrect bounds checking when processing network packets can overflow heap memory and enable remote code execution by attackers who can reach vCenter Server. CISA added the flaw to its Known Exploited Vulnerabilities catalog and Broadcom updated its advisory saying exploitation has been observed. Patches were released in June 2024. Federal agencies have three weeks under BOD 22-01 to identify and patch vulnerable deployments. All organizations are advised to review the KEV catalog and apply available fixes and mitigations.
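The page describes the bug class only in general terms: a length taken from an attacker-controlled network packet is used for a heap copy without a correct bounds check. The following C program is an added illustration of that class and is not vCenter Server code, not the DCERPC wire format, and not a reconstruction of the actual defect. It uses a constructed, hypothetical two-byte length-prefixed fragment format and a fixed-capacity heap buffer, and contrasts a flawed acceptance test (which only checks the declared length against the bytes present in the packet) with a correct one (which also checks it against the destination capacity), the kind of check a code review or fuzzing harness for a packet parser should exercise.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed fragment format for illustration only:
 *   2 bytes: big-endian body length
 *   N bytes: body
 * Hypothetical; it is not the DCERPC format. */
#define FRAG_HDR_LEN 2
#define BODY_CAP 64   /* capacity of the heap buffer the body is copied into */

/* Flawed acceptance test: checks only that the declared length does not run
 * past the end of the packet. A packet that really carries 200 body bytes
 * passes, and the later copy into a 64-byte heap buffer overflows. */
bool accept_len_flawed(size_t declared, size_t pkt_remaining, size_t dst_cap)
{
    (void)dst_cap;  /* the destination size is never consulted */
    return declared <= pkt_remaining;
}

/* Correct acceptance test: the body must fit both the source packet and the
 * destination buffer. */
bool accept_len_checked(size_t declared, size_t pkt_remaining, size_t dst_cap)
{
    return declared <= pkt_remaining && declared <= dst_cap;
}

/* Parse one fragment into dst (capacity dst_cap) using the checked predicate.
 * Returns the number of body bytes copied, or -1 if the fragment is rejected. */
int parse_fragment(const uint8_t *pkt, size_t pkt_len, uint8_t *dst, size_t dst_cap)
{
    if (pkt == NULL || dst == NULL || pkt_len < FRAG_HDR_LEN)
        return -1;
    size_t declared  = ((size_t)pkt[0] << 8) | pkt[1];
    size_t remaining = pkt_len - FRAG_HDR_LEN;
    if (!accept_len_checked(declared, remaining, dst_cap))
        return -1;
    memcpy(dst, pkt + FRAG_HDR_LEN, declared);
    return (int)declared;
}

/* Build a constructed fragment whose header declares `body_len` bytes and
 * whose body is filled with `fill`. Caller frees the result. */
uint8_t *make_fragment(size_t body_len, uint8_t fill, size_t *out_len)
{
    size_t total = FRAG_HDR_LEN + body_len;
    uint8_t *pkt = malloc(total);
    if (pkt == NULL) return NULL;
    pkt[0] = (uint8_t)(body_len >> 8);
    pkt[1] = (uint8_t)(body_len & 0xFF);
    memset(pkt + FRAG_HDR_LEN, fill, body_len);
    *out_len = total;
    return pkt;
}

/* Demo: a well-formed 16-byte body is accepted; returns bytes copied (16). */
int demo_valid_fragment(void)
{
    size_t len = 0;
    uint8_t *pkt = make_fragment(16, 0xAA, &len);
    uint8_t *dst = calloc(BODY_CAP, 1);
    int rc = (pkt && dst) ? parse_fragment(pkt, len, dst, BODY_CAP) : -1;
    free(pkt);
    free(dst);
    return rc;
}

/* Demo: a fragment that genuinely carries 200 body bytes. The flawed check
 * would accept it (and the copy would overflow the 64-byte heap buffer);
 * the checked parser rejects it and returns -1. */
int demo_oversize_fragment(void)
{
    size_t len = 0;
    uint8_t *pkt = make_fragment(200, 0xBB, &len);
    uint8_t *dst = calloc(BODY_CAP, 1);
    int rc = (pkt && dst) ? parse_fragment(pkt, len, dst, BODY_CAP) : -1;
    free(pkt);
    free(dst);
    return rc;
}

int main(void)
{
    printf("flawed check accepts 200-byte body into %d-byte buffer: %s\n",
           BODY_CAP, accept_len_flawed(200, 200, BODY_CAP) ? "yes" : "no");
    printf("checked parser, 16-byte body:  %d\n", demo_valid_fragment());
    printf("checked parser, 200-byte body: %d\n", demo_oversize_fragment());
    return 0;
}
```

The flawed predicate is never used for a real copy in this program; it exists only to make the missing condition visible. Checking the declared length against the destination capacity, not just against the bytes on the wire, is the part that turns a remotely triggerable heap overflow into a cleanly rejected packet.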
Read at SecurityWeek