CISA has issued an urgent mandate for federal agencies to patch a critical remote code execution vulnerability in VMware vCenter Server by February 13th. Both Broadcom and federal officials confirmed that attackers are actively exploiting this flaw, which allows unauthorized users to gain control over virtual management systems without any user interaction.
The Cybersecurity and Infrastructure Security Agency recently updated its Known Exploited Vulnerabilities catalog to include a high-risk flaw found in the implementation of the DCERPC protocol within VMware vCenter Server. This vulnerability, identified as CVE-2024-37079, is a heap overflow weakness that gives attackers a pathway to execute code remotely on targeted systems. Because this specific management platform controls large numbers of virtual machines and hosts, the potential for widespread network compromise is significant.
Security researchers note that the attack complexity is remarkably low, requiring only network access to the server rather than physical access or stolen credentials. By sending a specifically designed network packet, a threat actor can trigger the flaw to gain administrative-level control over the vSphere environment. Broadcom has explicitly stated that no temporary workarounds exist for this issue, meaning the only way to protect a system is to install the official security patches immediately.
The directive issued by CISA applies specifically to Federal Civilian Executive Branch agencies, which include major departments such as Justice, Energy, and State. Under the 2021 Binding Operational Directive, these organizations are legally required to address these vulnerabilities within a strict three-week window to protect the federal enterprise. This action follows a pattern of increasing attacks against virtualization infrastructure, which has become a primary target for sophisticated cyber actors.
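Because the page's required action is driven by the KEV catalog entry and its BOD due date, a defender's first practical step is to track that deadline against their own inventory. The following is an added example, not code from CISA, Broadcom or the original article: it parses a feed in the layout of CISA's public KEV JSON (the field names `cveID`, `vendorProject`, `product`, `dueDate` and so on are the feed's; every value in the embedded sample, including the dates and the `CVE-0000-*` identifiers, is a constructed placeholder), filters entries for a vendor or product, and classifies each against its due date as overdue, due soon, on track, or already remediated according to a set of CVE IDs the inventory confirms patched.

```python
"""Track KEV catalog due dates against an inventory of patched CVEs.

Added example (not CISA's or Broadcom's code). The JSON layout mirrors the
public KEV feed; the sample record values are constructed placeholders.
"""
from __future__ import annotations

import json
from datetime import date

# Constructed sample in the shape of the KEV feed. Field names match the feed;
# dates, descriptions and the CVE-0000-* identifiers are placeholders.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "constructed-sample",
    "count": 3,
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-37079",
            "vendorProject": "VMware",
            "product": "vCenter Server",
            "vulnerabilityName": "vCenter Server DCERPC heap overflow (constructed label)",
            "dateAdded": "2026-01-23",  # placeholder date
            "shortDescription": "Heap overflow in the DCERPC implementation allowing RCE.",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue "
                              "use of the product if mitigations are unavailable.",
            "dueDate": "2026-02-13",  # placeholder year; article gives February 13
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-0000-0001",  # placeholder identifier
            "vendorProject": "VMware",
            "product": "Aria Operations",
            "vulnerabilityName": "placeholder entry",
            "dateAdded": "2025-12-20",
            "shortDescription": "placeholder",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2026-01-10",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-0000-0002",  # placeholder identifier
            "vendorProject": "OtherVendor",
            "product": "OtherProduct",
            "vulnerabilityName": "placeholder entry",
            "dateAdded": "2026-02-08",
            "shortDescription": "placeholder",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2026-03-01",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})


def load_kev(text: str) -> list[dict]:
    """Parse KEV feed JSON text and return its list of vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def entries_for_product(entries: list[dict], vendor: str, product: str | None = None) -> list[dict]:
    """Case-insensitive substring match on vendorProject and, optionally, product."""
    vendor_l = vendor.lower()
    product_l = product.lower() if product else None
    return [
        e for e in entries
        if vendor_l in e["vendorProject"].lower()
        and (product_l is None or product_l in e["product"].lower())
    ]


def remediation_status(entries: list[dict], remediated: set[str], today: date,
                       soon_days: int = 7) -> list[dict]:
    """Classify each entry against its due date, most urgent first.

    remediated: CVE IDs the asset inventory confirms are patched.
    """
    report = []
    for e in entries:
        due = date.fromisoformat(e["dueDate"])
        days_left = (due - today).days
        if e["cveID"] in remediated:
            status = "remediated"
        elif days_left < 0:
            status = "overdue"
        elif days_left <= soon_days:
            status = "due_soon"
        else:
            status = "on_track"
        report.append({
            "cve": e["cveID"],
            "product": f'{e["vendorProject"]} {e["product"]}',
            "due": e["dueDate"],
            "days_left": days_left,
            "status": status,
        })
    report.sort(key=lambda r: r["days_left"])
    return report


if __name__ == "__main__":
    vmware = entries_for_product(load_kev(SAMPLE_KEV_JSON), "vmware")
    for row in remediation_status(vmware, remediated=set(), today=date(2026, 2, 6)):
        print(f'{row["status"]:<11} {row["cve"]:<16} due {row["due"]} ({row["days_left"]:+d}d) {row["product"]}')
```

In practice the `SAMPLE_KEV_JSON` string is replaced by the feed downloaded from CISA, and `remediated` is populated from a vulnerability scanner or CMDB export; the `days_left` ordering puts already-overdue items at the top so a patch team sees them first.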
Broadcom synchronized its own security communications with the government's warning, confirming it has evidence of exploitation occurring in the wild. This confirmation heightens the urgency for private sector organizations to follow the federal government's lead in updating their software. This particular flaw was originally patched in mid-2024, but the transition from a known vulnerability to an actively exploited one has triggered this renewed call for defensive action.
This incident is part of a broader trend involving frequent security breaches targeting Broadcom’s VMware suite over the past year. Previous mandates have been issued for vulnerabilities in VMware Aria Operations and VMware Tools, some of which were exploited by state-sponsored groups in zero-day attacks. As these platforms remain central to modern data centers, CISA continues to emphasize that applying vendor-provided mitigations or discontinuing the use of unpatched products is essential for national security.
Source: CISA Says Critical VMware RCE Flaw Is Now Actively Exploited