COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2019-5544

CVE-2019-5544

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2021-11-03
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-5544
⚡ RCE ⌖ exploited in the wild shame 95/100 ransomwarerceexploited-in-wild

VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.

Players implicated

VMware, Inc. · vendorVMware ESXi and Horizon DaaS · product

Description

VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.

Affected FedRAMP products 2 in the catalog

ProductProviderStatusMatch
VMware Government Services (VGS) VMware, Inc. Authorized vendor-exact · 0.90
Workspace ONE VMware, Inc. Authorized vendor-exact · 0.90