Broadcom fixes critical RCE bug in VMware vCenter Server
ID: 79142004-8731-5437-9854-6d43454360fc
STIX ID: report--79142004-8731-5437-9854-6d43454360fc
Feed Name: Bleeping Computer
Broadcom released patches for a critical VMware vCenter Server remote code execution vulnerability (CVE-2024-38812) caused by a DCE/RPC heap overflow that can be triggered by an unauthenticated, specially crafted network packet; administrators are urged to install updates or strictly restrict network access to vSphere management components. The advisory also addresses a high-severity privilege escalation (CVE-2024-38813) and references prior exploited vCenter vulnerabilities (including activity attributed to UNC3886), while noting no current evidence of active exploitation for CVE-2024-38812.
