CVE-2019-5544
VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
CVSS
—
No CVSS
EPSS
96.8%
p100
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
Product
VMware / VMware ESXi and Horizon DaaS
Vulnerability
VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
Yes
Summary description
VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-5544
No related CVEs by CWE or product.