A critical remote code execution (RCE) vulnerability in Broadcom VMware vCenter Server has been added to the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. Binding Operational Directive 22-01 requires federal agencies to patch impacted systems by February 13, 2026.

Vulnerability Overview

CVE-2024-37079 is an out-of-bounds write vulnerability that affects VMware vCenter Server's DCERPC (Distributed Computing Environment/Remote Procedure Call) protocol implementation.
Threat actors with network access can potentially accomplish remote code execution without authentication by sending specially constructed network packets to susceptible vCenter instances.
| CVE ID | Vendor | Product | Vulnerability Type |
|---|---|---|---|
| CVE-2024-37079 | Broadcom | VMware vCenter Server | Out-of-bounds Write (CWE-787) |

The fact that CISA added CVE-2024-37079 to the KEV catalog indicates that this vulnerability is being actively targeted by attackers in actual campaigns. The vulnerability's RCE nature makes it a top target for threat actors looking to gain initial access to enterprise virtualization infrastructure, even though it is still unclear whether the flaw has been used in ransomware operations. Out-of-bounds write vulnerabilities let attackers overwrite memory locations outside of intended boundaries, which may result in denial-of-service conditions, arbitrary code execution, or privilege escalation.
The successful exploitation of vCenter Server, the centralized management platform for the VMware environment, could give attackers complete control over hosts, virtual machines, and sensitive enterprise workloads.
CISA advises companies to implement mitigations as soon as possible in accordance with Broadcom's vendor guidelines. Cloud service providers and federal agencies are required to adhere to the relevant BOD 22-01 guidelines. Organizations should stop using impacted products or use network segmentation to limit access to vCenter Server management interfaces if patches are unavailable or cannot be installed quickly.
The following tasks should be given top priority by security teams:

- Examine access logs for any questionable DCERPC activity.
- Keep an eye out for unapproved network connections to vCenter instances.
- Make sure multi-factor authentication is used to safeguard privileged accounts.
- To isolate the vCenter infrastructure, assess network segmentation techniques.
- Keep an up-to-date record of every vCenter deployment in the system.

In virtualized environments, timely patching and vulnerability management are crucial, as demonstrated by the active exploitation of CVE-2024-37079.
Organizations should prioritize this vulnerability and devote resources to remediation efforts right away, as the February 13 deadline for federal agencies draws near. For businesses that depend on VMware virtualization technologies, this vulnerability is especially risky due to the possibility of complete infrastructure compromise.
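
The following Python example is added here and is not from CISA or Broadcom. It shows one way to combine three of the priority tasks above (a vCenter inventory, a segmentation policy, and a review of network connections) by flagging flows that reach inventoried vCenter hosts from outside approved management networks. The log format, addresses, and all names are constructed assumptions.

```python
import ipaddress

# Assumed inventory and segmentation policy (constructed values).
VCENTER_HOSTS = {"10.20.0.10", "10.20.0.11"}
APPROVED_MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24"),
                      ipaddress.ip_network("10.99.5.0/28")]

# Constructed flow records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
2026-01-26T08:14:02Z 10.99.5.4 10.20.0.10 443 ALLOW
2026-01-26T08:15:40Z 10.44.7.19 10.20.0.10 443 ALLOW
2026-01-26T08:15:41Z 203.0.113.50 10.20.0.11 443 ALLOW
2026-01-26T08:16:03Z 203.0.113.50 10.20.0.11 443 DENY
2026-01-26T08:17:12Z 10.44.7.19 10.30.1.5 22 ALLOW
malformed line
"""

def unapproved_vcenter_flows(log_text, hosts=VCENTER_HOSTS,
                             approved=APPROVED_MGMT_NETS):
    """Return (findings, skipped_lines) for flows to vCenter hosts whose
    source is outside every approved management network."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, src, dst, port, action = parts
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            skipped += 1          # count unparseable lines, never drop silently
            continue
        if str(dst_ip) not in hosts:
            continue              # not a vCenter deployment in the inventory
        if any(src_ip in net for net in approved):
            continue              # source is inside an approved management net
        findings.append({"time": ts, "src": str(src_ip), "dst": str(dst_ip),
                         "port": port, "reached_host": action == "ALLOW"})
    return findings, skipped

if __name__ == "__main__":
    hits, bad = unapproved_vcenter_flows(SAMPLE_FLOWS)
    for h in hits:
        state = "REACHED HOST" if h["reached_host"] else "blocked"
        print(f'{h["time"]} {h["src"]} -> {h["dst"]}:{h["port"]} {state}')
    print(f"{len(hits)} unapproved flow(s), {bad} unparseable line(s)")
```

Flows marked as having reached the host indicate a gap in segmentation; blocked ones show the policy working but still identify sources worth investigating.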










