Critical VMware vCenter RCE Flaw Under Active Exploitation, CISA Warns
CISA adds VMware vCenter Server vulnerability (CVE-2024-37079) to KEV catalog after confirmed exploitation. Federal agencies must patch within 21 days.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution (RCE) vulnerability in VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation. Federal agencies have been mandated to secure their systems within 21 days—by August 20, 2024—under Binding Operational Directive (BOD) 22-01.
Technical Details of CVE-2024-37079
The vulnerability, tracked as CVE-2024-37079 (CVSS score pending), affects VMware vCenter Server, a centralized management platform for virtualized environments. While VMware has not disclosed full technical specifics, the flaw is classified as an RCE vulnerability, allowing unauthenticated attackers to execute arbitrary code on vulnerable systems. Additional details include:
- Affected Versions: VMware vCenter Server 7.0 and 8.0 (specific patch versions not yet disclosed).
- Attack Vector: Exploitation likely occurs via network access to the vCenter Server management interface.
- Mitigation: VMware has released patches; immediate updates are strongly recommended.
Impact and Threat Landscape
vCenter Server is a high-value target for threat actors due to its role in managing virtualized infrastructure, including ESXi hosts, virtual machines (VMs), and storage/network resources. Successful exploitation of CVE-2024-37079 could enable:
- Full system compromise of vCenter Server instances.
- Lateral movement into connected ESXi hosts and VMs.
- Data exfiltration or ransomware deployment in enterprise environments.
CISA’s inclusion of the flaw in the KEV catalog underscores the urgency, as active exploitation suggests threat actors—potentially advanced persistent threat (APT) groups or ransomware operators—are already leveraging the vulnerability.
Recommendations for Security Teams
- Immediate Patching: Apply VMware’s security updates for vCenter Server without delay.
- Network Segmentation: Isolate vCenter Server instances from untrusted networks to limit exposure.
- Monitoring: Deploy intrusion detection/prevention systems (IDS/IPS) to detect exploitation attempts.
- Access Controls: Restrict administrative access to vCenter Server to authorized personnel only.
- Backup Critical Systems: Ensure offline backups of virtualized infrastructure are available for recovery.
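As an added illustration of the patching, segmentation and access-control recommendations above, the following Python script is example code written for this page, not VMware's tooling or part of the original report. It does two things a security team would want during triage: it reads the release line and build number from the JSON that a vCenter appliance returns from its system-version API and compares them with a fixed-build table, and it reviews firewall connection logs for management-interface access from outside the approved administrator networks. The fixed-build numbers, the sample API response and the log lines are constructed placeholders; VMware's advisory is the only source of truth for which builds are patched.

```python
"""Added example: triage helper for a vCenter Server exposure review.

Check 1 - is the appliance on a patched build?
Check 2 - is the management interface reached only from admin networks?

Everything marked CONSTRUCTED/PLACEHOLDER below is made up for this
example and must be replaced with real values from VMware's advisory
and your own environment.
"""
import ipaddress
import json
import re

# PLACEHOLDER: replace with the fixed builds VMware lists for CVE-2024-37079.
# Keys are release lines, values are the minimum build considered patched.
FIXED_BUILDS = {
    "7.0": 99999901,
    "8.0": 99999902,
}

# CONSTRUCTED sample of the JSON body returned by
# GET https://<vcenter>/api/appliance/system/version on vCenter 7.0+.
SAMPLE_VERSION_RESPONSE = json.dumps({
    "version": "7.0.3.01700",
    "build": "12345678",
    "product": "VMware vCenter Server",
})

# Approved administrator networks (assumed values for the example).
ADMIN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.10.0.0/24", "10.20.5.0/24")]
# HTTPS management interface; extend with any other management-plane ports
# your deployment exposes.
VCENTER_MGMT_PORTS = {443}

# CONSTRUCTED firewall log lines, not real traffic. 10.50.1.10 plays vCenter.
SAMPLE_LOG = """\
2024-08-01T10:02:11Z fw01 ACCEPT src=10.10.0.15 dst=10.50.1.10 dport=443 proto=tcp
2024-08-01T10:03:42Z fw01 ACCEPT src=198.51.100.23 dst=10.50.1.10 dport=443 proto=tcp
2024-08-01T10:04:07Z fw01 ACCEPT src=10.20.5.8 dst=10.50.1.10 dport=443 proto=tcp
2024-08-01T10:05:30Z fw01 ACCEPT src=192.0.2.77 dst=10.50.1.10 dport=22 proto=tcp
"""

LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse_version_response(body: str) -> tuple[str, int]:
    """Return (release line, build number) from the appliance version JSON."""
    data = json.loads(body)
    major, minor = data["version"].split(".")[:2]
    return f"{major}.{minor}", int(data["build"])


def is_patched(release_line: str, build: int, fixed=FIXED_BUILDS) -> bool:
    """True if the build is at or above the fixed build for its release line.
    Unknown release lines fail closed and are reported as unpatched."""
    minimum = fixed.get(release_line)
    return minimum is not None and build >= minimum


def unapproved_mgmt_access(log_text: str, vcenter_ip: str,
                           admin_networks=ADMIN_NETWORKS,
                           mgmt_ports=VCENTER_MGMT_PORTS) -> list[str]:
    """Return source IPs that reached vCenter's management ports from
    outside the approved admin networks (one entry per matching log line)."""
    offenders = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["dst"] != vcenter_ip or int(m["dport"]) not in mgmt_ports:
            continue
        src = ipaddress.ip_address(m["src"])
        if not any(src in net for net in admin_networks):
            offenders.append(str(src))
    return offenders


if __name__ == "__main__":
    line, build = parse_version_response(SAMPLE_VERSION_RESPONSE)
    state = "patched" if is_patched(line, build) else "NOT patched"
    print(f"vCenter {line} build {build}: {state}")
    for src in unapproved_mgmt_access(SAMPLE_LOG, "10.50.1.10"):
        print(f"management interface reached from non-admin source {src}")
```

In a real review the version JSON comes from an authenticated call to the appliance API (or from PowerCLI) rather than the embedded sample, and the log source is whatever perimeter or host firewall fronts vCenter. The access check fails closed for unknown release lines and only flags approved ports, so SSH on port 22 from an external address in the sample is deliberately left to a separate rule.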
For federal agencies, compliance with CISA’s directive is mandatory. Private sector organizations are urged to prioritize patching given the confirmed in-the-wild exploitation.
Original reporting by Sergiu Gatlan for BleepingComputer.