
Vulnerability Details CVE-2020-3992

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.908
EPSS Ranking 99.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.
Ransomware Campaign
Known
Products affected by CVE-2020-3992

