CVE-2019-5544 - VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability

CVE ID:CVE-2019-5544

Project:VMware

Product:VMware ESXi and Horizon DaaS

Date Added:2021-11-03Due Date:2022-05-03

Vulnerability Name

VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability

Description

VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2019-5544