Critical VMware vCenter Server bug under attack
"The vulnerability, tracked as CVE-2024-37079, is an out-of-bounds write flaw in vCenter Server's implementation of the DCERPC protocol that earned a 9.8 out of 10 CVSS rating. In other words: it's almost as bad as it gets. DCERPC, which stands for Distributed Computing Environment/Remote Procedure Calls, allows software to invoke procedures and services on a remote system across a network. This bug can be abused by someone with network access to vCenter Server to send specially crafted network packets, potentially leading to remote code execution."
"Also on Friday, the US Cybersecurity and Infrastructure Security Agency (CISA) added this critical security hole to its Known Exploited Vulnerabilities (KEV) Catalog. This means federal agencies must patch the flaw by February 13 - again, we must note that Broadcom issued a software update that fixes this CVE more than a year and a half ago, and June 2024 would have been the optimal time to deploy the patch."
CVE-2024-37079 is an out-of-bounds write in the DCERPC implementation of VMware vCenter Server, rated 9.8 on the CVSS scale. DCERPC (Distributed Computing Environment/Remote Procedure Calls) lets software invoke procedures on a remote system over the network, so any attacker with network reach to the vCenter Server service can send crafted packets and potentially achieve remote code execution. Broadcom shipped a fix in June 2024, yet there is now evidence of in-the-wild exploitation. CISA has added the flaw to its Known Exploited Vulnerabilities (KEV) Catalog, which obliges federal agencies to patch by February 13; the KEV entry lists known ransomware campaign use as unknown, and Broadcom has not described the scope of exploitation. Virtualization management infrastructure such as vCenter Server remains a prized target for advanced threat actors because it sits above every guest it manages.
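The KEV listing is the operational hook in this story: once a CVE appears in the catalog it carries a due date and a ransomware-use flag that a vulnerability team has to act on. The script below is an added example, not code from The Register or from Broadcom, showing how to cross-check an inventory of CVEs against a KEV feed and flag overdue items. The field names (`cveID`, `vendorProject`, `product`, `dueDate`, `knownRansomwareCampaignUse`) follow CISA's JSON export; the feed content itself is a constructed sample, the `dateAdded` value and the second CVE are placeholders, and the year in the due date is an assumption since the article gives only "February 13".

```python
"""Cross-check an inventory of CVEs against a CISA KEV feed (added example)."""
import json
from datetime import date, datetime

# Constructed sample in the shape of CISA's known_exploited_vulnerabilities.json.
# The dateAdded value, the due-date year and CVE-2099-0001 are placeholders.
SAMPLE_KEV_JSON = json.dumps({
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-37079",
            "vendorProject": "VMware",
            "product": "vCenter Server",
            "vulnerabilityName": "vCenter Server DCERPC out-of-bounds write",
            "dateAdded": "2026-01-23",
            "dueDate": "2026-02-13",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2099-0001",
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "vulnerabilityName": "placeholder entry",
            "dateAdded": "2026-01-01",
            "dueDate": "2026-01-22",
            "knownRansomwareCampaignUse": "Known",
        },
    ]
})


def load_kev(feed_text):
    """Index a KEV JSON export by CVE ID so lookups are O(1)."""
    data = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def triage(inventory, kev, today):
    """Return one report row per inventory CVE.

    Rows for CVEs present in KEV carry the due date, days remaining
    (negative when overdue) and the ransomware-use flag; CVEs absent
    from KEV are still reported so they are not silently dropped.
    KEV hits sort first, most urgent (fewest days left) at the top.
    """
    rows = []
    for cve in inventory:
        entry = kev.get(cve)
        if entry is None:
            rows.append({"cve": cve, "in_kev": False})
            continue
        due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
        days_left = (due - today).days
        rows.append({
            "cve": cve,
            "in_kev": True,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due_date": entry["dueDate"],
            "days_left": days_left,
            "overdue": days_left < 0,
            "ransomware_use": entry["knownRansomwareCampaignUse"],
        })
    rows.sort(key=lambda r: (not r["in_kev"], r.get("days_left", 0)))
    return rows


def overdue_cves(rows):
    """Just the CVE IDs whose KEV due date has already passed."""
    return [r["cve"] for r in rows if r.get("overdue")]


if __name__ == "__main__":
    kev_index = load_kev(SAMPLE_KEV_JSON)
    # Inventory as an asset scanner might export it (constructed).
    report = triage(["CVE-2024-37079", "CVE-2099-0001", "CVE-2020-0000"],
                    kev_index, date(2026, 2, 1))
    for row in report:
        if row["in_kev"]:
            state = "OVERDUE" if row["overdue"] else f'{row["days_left"]}d left'
            print(f'{row["cve"]:16} {row["product"]:24} due {row["due_date"]} '
                  f'({state}) ransomware={row["ransomware_use"]}')
        else:
            print(f'{row["cve"]:16} not in KEV')
```

Point the loader at the real feed download and an exported inventory and the report becomes a daily check; anything with a negative `days_left` is a compliance miss, and a `Known` ransomware flag is the cue to treat the host as potentially compromised rather than merely unpatched.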
Read at Theregister