The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
https://thehackernews.com/2024/11/cisa-alert-active-exploitation-of.html
https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/
https://securityaffairs.com/171147/security/vmware-vcenter-server-bugs-actively-exploited.html
https://www.securityweek.com/vmware-struggles-to-fix-flaw-exploited-at-chinese-hacking-contest/
https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html
https://cloud.google.com/support/bulletins/index#gcp-2024-051