VMware vCenter Server has been identified with a heap-overflow vulnerability in the implementation of the DCERPC protocol . This affects only vCenter 7.x version and above. vCenter versions running on 6.5 and 6.7 are not affected by this vulnerability. In vCenter version 7.0 and higher vimdird process binds with ports (2012 & 636) during binding it downgrades the privilege from root to vimdird privilege, whereas in Vcenter 6.5 & 6.7 versions the vimdird process always runs only with root privilege

vCenter 7.x and 8.x

• In vCenter Server version 7.0 and higher, the vmdird process binds with ports 2012 & 636.
• A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

• vCenter Server version running on 6.5 and 6.7 versions are not affected by this vulnerability, because in these versions the vmdird process can run only with root privilege. A non-root user cannot make any changes to vmdird process. 
• If you are using vCenter Server 7.0 version, the issue is addressed in 7.0U3t version build 24322018 VMware vCenter Server 7.0 Update 3t Release Notes.
• If you are using vCenter Server 8.0 version, the issue is addressed in 8.0U3d VMware vCenter Server 8.0 Update 3d Release Notes and 8.0U2e VMware vCenter Server 8.0 Update 2e Release Notes versions.
• Please refer to VMware Security Advisory VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) for further details. 

For more details about VMSA-2024-0019