Critical vCenter Server RCE Vulnerability (CVE-2024-37079) Actively Exploited in the Wild
January 27th, 2026
Critical

Our Cyber Threat Intelligence Unit is monitoring updated vendor guidance on CVE-2024-37079, a critical remote code execution (RCE) vulnerability in VMware vCenter Server. Although first disclosed in June 2024, the issue has become more urgent following Broadcom’s January 23, 2026, advisory confirming active exploitation. The vulnerability affects vCenter Server’s DCERPC protocol implementation and has a CVSS v3.1 score of 9.8 (Critical). Attackers with network access to a vulnerable vCenter service can exploit this vulnerability to execute arbitrary code and potentially gain full control of the virtualization management plane. Given vCenter’s central, highly privileged role, unpatched deployments pose a high-impact operational and security risk.
Technical Details
CVE ID: CVE-2024-37079
Severity: Critical (CVSS v3.1 Score: 9.8)
Vulnerability Type: Heap Overflow
Affected Products:
VMware vCenter Server
VMware Cloud Foundation (deployments including vCenter Server)
Protocol Involved: DCERPC
Attack Vector: Network-based exploitation
Exploitation Mechanics:
The vulnerability is caused by a heap-overflow condition in vCenter Server’s DCERPC protocol handling.
A remote attacker with network access to the vulnerable service can send specially crafted DCERPC packets.
Malformed requests may trigger memory corruption within the vCenter Server process.
Successful exploitation can result in arbitrary code execution with elevated privileges.
Exploitation occurs without authentication or prior access, significantly increasing exposure where management services are broadly reachable.

Impact
Successful exploitation may allow remote code execution on the vCenter Server.
A compromised vCenter instance enables full administrative control over virtualized environments, including:
Creation, modification, or deletion of virtual machines
Disruption of workloads and services
Attackers may leverage vCenter access for lateral movement to managed hosts and connected infrastructure.
Due to vCenter’s privileged position, exploitation poses severe risks to availability, integrity, and operational stability across enterprise environments.
Detection Method
Organizations should take the following steps to identify potential exposure or exploitation:
Identify deployed vCenter Server versions and validate patch status against Broadcom’s updated advisory.
Monitor network traffic for unusual or malformed DCERPC requests targeting vCenter services.
Review system and application logs for unexpected crashes, memory errors, or abnormal vCenter behavior.
Use vulnerability scanners and asset management tools that reference CVE-2024-37079.
Investigate unexplained vCenter service restarts or performance anomalies.
Indicators of Compromise
There are no Indicators of Compromise (IOCs) for this advisory.

Recommendations
Apply vendor patches immediately for CVE-2024-37079.
Upgrade to a fixed vCenter Server release, including:
vCenter Server 8.0 U2d or 8.0 U1e
vCenter Server 7.0 U3r
Restrict network access to vCenter Server, allowing connections only from trusted management networks.
Ensure management services are not exposed to untrusted or external network segments.
Review Broadcom security advisories regularly for updates and remediation guidance.
Increase logging, monitoring, and alerting for DCERPC activity and vCenter service anomalies.
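A patch-status check for the "validate patch status" detection step and the fixed releases listed above, as an added example that is not part of this advisory or any vendor tool: it parses vCenter Update-release names the way the advisory writes them (for example "8.0 U2d"), decides per update train whether a deployment is at or past the fixed patch letter, and flags the rest. The inventory and hostnames are constructed, and the assumption that a later update train on a fixed line (such as 8.0 U3) carries the fix is marked in the code; confirm build numbers against Broadcom's advisory before closing a finding.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor, update) train
# and mapped to the patch letter at which that train carries the fix.
FIXED_RELEASES = {
    (8, 0, 2): "d",  # vCenter Server 8.0 U2d
    (8, 0, 1): "e",  # vCenter Server 8.0 U1e
    (7, 0, 3): "r",  # vCenter Server 7.0 U3r
}

# Matches release names such as "7.0 U3r", "8.0 U2" (GA of the train) or "8.0".
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\s*U(\d+)([a-z])?)?$")

def parse_release(name: str):
    """Return ((major, minor, update), patch_letter) for a release name.
    A train's GA release has no letter and sorts before 'a'."""
    m = _RELEASE_RE.match(name.strip())
    if not m:
        raise ValueError(f"unrecognised vCenter release name: {name!r}")
    major, minor, update, letter = m.groups()
    return (int(major), int(minor), int(update or 0)), (letter or "")

def is_fixed(name: str) -> bool:
    """True if the release is known (or assumed) to contain the fix."""
    train, letter = parse_release(name)
    if train in FIXED_RELEASES:
        # Same train as a fixed release: compare patch letters (a < b < ... < z).
        return letter >= FIXED_RELEASES[train]
    same_line = [t for t in FIXED_RELEASES if t[:2] == train[:2]]
    if same_line and train[2] > max(t[2] for t in same_line):
        # Assumption: a later update train on a fixed line (e.g. 8.0 U3) carries
        # the fix. Verify against the vendor advisory before relying on this.
        return True
    # Earlier trains on a fixed line, or lines the advisory does not list, are
    # treated as exposed so that they surface for review.
    return False

def triage(inventory):
    """Return the hosts whose vCenter release is not known to be fixed."""
    return [host for host, name in inventory if not is_fixed(name)]

# Constructed sample inventory (hostnames and releases are illustrative).
INVENTORY = [
    ("vc01.corp.example", "8.0 U2d"),
    ("vc02.corp.example", "8.0 U2c"),
    ("vc03.corp.example", "8.0 U1e"),
    ("vc04.corp.example", "8.0 U3"),
    ("vc05.corp.example", "7.0 U3p"),
    ("vc06.corp.example", "7.0 U2"),
]
```

Running `triage(INVENTORY)` returns the hosts still below the fixed level (vc02, vc05 and vc06 in the constructed data); a release name that does not parse raises rather than being silently treated as fixed.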
Conclusion
CVE-2024-37079 remains a critical and actively relevant threat to VMware vCenter Server, particularly following confirmation of in-the-wild exploitation in recent vendor guidance. The vulnerability’s ability to facilitate unauthenticated remote code execution highlights the importance of strict access controls, continuous monitoring, and timely patching. Organizations operating unpatched vCenter environments face elevated operational and security risk due to vCenter’s central role in infrastructure management. Immediate remediation and sustained defensive monitoring are essential to reduce exposure and protect virtualized environments.