CISA Flags Actively Exploited VMware vCenter RCE Flaw in KEV Catalog
ID: 1ba05fc4-b36f-50f5-bf4e-bbf311fda065
STIX ID: report--1ba05fc4-b36f-50f5-bf4e-bbf311fda065
Feed Name: The Cyber Express
**CVE-2024-37079 (VMware vCenter RCE, CVSS 9.8) added to CISA KEV:** A critical heap overflow in the DCE/RPC implementation of VMware vCenter Server allows unauthenticated remote code execution. It affects vCenter 8.0 (before U2d/U1e), 7.0 (before U3r), and VMware Cloud Foundation builds. VMware advisory VMSA-2024-0012 (updated as VMSA-2024-0012.1) and CISA note active exploitation in the wild. Patches are available, and no in-product workarounds were identified.
