CVE-2019-5544: VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.
- CISA KEV-listed (remediation due 2022-05-03)
- used in ransomware campaigns
- EPSS 92.1% (99.7th percentile)