Attackers aren’t scanning your perimeter anymore; they’re going straight for your control plane.
The critical VMware vCenter Server flaw tracked as CVE‑2024‑37079, which was patched in June 2024, is now confirmed to be actively exploited by threat actors.
This is a real attack path, already being used, and it poses a significant risk to enterprises.
For organizations running core infrastructure on VMware, this isn’t background noise; it’s a RED ALERT!!
The danger lies deep inside the VMware vCenter Server itself: a heap overflow vulnerability in the DCERPC protocol implementation allows attackers with simple network access to send a specially crafted packet and trigger remote code execution.
What makes this especially dangerous for critical institutions is that exploitation requires no authentication, no user interaction, and no advanced skills.
Attackers with network access can send a specially crafted packet and achieve:
· Remote Code Execution (RCE)
· No authentication required
· No user interaction needed
· Low attack complexity
In other words, if an attacker can reach your vCenter Server, they may be able to take control of the very system that manages your virtual machines, workloads, and production environments.
Unlike many vulnerabilities that allow temporary mitigations, this one doesn’t.
Broadcom (VMware’s parent company) has been explicit:
There are no workarounds or mitigations for CVE‑2024‑37079.
The only fix is to apply the latest security patches for:
- VMware vCenter Server
- VMware Cloud Foundation
Recommendations
· Confirm whether your vCenter versions are affected
· Apply vendor patches urgently
· Restrict network access to vCenter management interfaces
· Monitor for abnormal DCERPC traffic or vCenter behaviour
· Follow cloud security directives or discontinue use of the product
· In light of active exploitation, organizations are required to update to the latest version by February 13, 2026, for optimal protection.
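
One way to act on the "restrict network access" and "monitor for abnormal DCERPC traffic" recommendations, as an added example that is not from the advisory or from Broadcom: a Python audit of a flow-log export that lists every source outside the management network that contacted vCenter. The addresses, the CSV column names, and the DCERPC port set are assumptions to replace with your own inventory.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed values for illustration; replace with your own inventory.
VCENTER_HOSTS = {ipaddress.ip_address("10.0.5.10")}
MGMT_NETWORKS = [ipaddress.ip_network("10.0.9.0/24")]
# Assumption: TCP 135 is the standard DCE/RPC endpoint mapper port. Add the
# listener ports you observe on your own vCenter appliance.
DCERPC_PORTS = {135}

# Constructed sample flow export (not real traffic).
SAMPLE_FLOWS = """src_ip,dst_ip,dst_port,action
10.0.9.21,10.0.5.10,443,allow
10.0.9.21,10.0.5.10,135,allow
192.168.40.7,10.0.5.10,135,allow
192.168.40.7,10.0.5.10,135,allow
203.0.113.50,10.0.5.10,135,deny
203.0.113.50,10.0.5.10,443,allow
10.0.9.30,10.0.7.4,135,allow
not-an-ip,10.0.5.10,135,allow
"""

def audit_flows(flow_csv):
    """Return findings for non-management sources that contacted vCenter."""
    counts = defaultdict(lambda: {"allow": 0, "deny": 0})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src_ip"])
            dst = ipaddress.ip_address(row["dst_ip"])
            port = int(row["dst_port"])
        except (KeyError, ValueError, TypeError):
            continue  # skip malformed records instead of aborting the audit
        if dst not in VCENTER_HOSTS or any(src in n for n in MGMT_NETWORKS):
            continue
        # Anything not explicitly denied is treated as allowed (conservative).
        action = "deny" if row.get("action") == "deny" else "allow"
        counts[(str(src), port)][action] += 1
    findings = []
    for (src, port), c in sorted(counts.items()):
        if c["allow"] and port in DCERPC_PORTS:
            severity = "high"    # DCERPC reachable from outside management
        elif c["allow"]:
            severity = "medium"  # other vCenter service reachable
        else:
            severity = "info"    # blocked attempts only; the ACL is holding
        findings.append((severity, src, port, c["allow"], c["deny"]))
    return findings
```

Any "high" or "medium" finding marks a firewall or ACL rule to tighten; "info" findings show blocked attempts worth correlating with other vCenter alerts.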






