CISA says critical VMware RCE flaw now actively exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical VMware vCenter Server vulnerability (CVE-2024-37079) as being actively exploited, mandating federal agencies to patch their systems within three weeks. This heap overflow vulnerability allows for remote code execution with low complexity and no required privileges or user interaction, and Broadcom advises immediate patching as no workarounds exist.