cve detail

CVE-2024-37079

naam

Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability

Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious actor with network access to vCenter Server to send specially crafted network packets, potentially leading to remote code execution.

KEV

bekend misbruikt

EPSS

82%

percentiel

99%

vendor

Broadcom

product

VMware vCenter Server

toegevoegd aan KEV

23 jan 2026

due date

13 feb 2026

ransomware

Unknown

CWE

CWE-787

EPSS datum

12 mei 2026

aanbevolen actie

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

notities

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453 ; https://nvd.nist.gov/vuln/detail/CVE-2024-37079