VMware has warned of a critical bug impacting its ESXi hypervisor and Horizon DaaS cloud desktop-as-a-service products.
VMware’s security advisory says the problem is not inherent to its products, but comes from OpenSLP, an Internet Engineering Task Force (IETF) standards track protocol that “provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks.”
The vulnerability - CVE-2019-5544 - has been rated Critical and assigned a maximum CVSSv3 base score of 9.8.
The flaw appears not to have wide impact, as VMware’s advisory says “OpenSLP as used in ESXi and the Horizon DaaS appliances” has the issue rather than it being of concern to all user of the protocol.
It’s nasty enough for VMware users as is: the company characterises the flaw as “ a heap overwrite issue” that means “A malicious actor with network access to port 427 on an ESXi host or on any Horizon DaaS management appliance may be able to overwrite the heap of the OpenSLP service resulting in remote code execution.”
ESXi version 6.0 through 6.7 needs a fix, as does Horizon DaaS 8.x when running as a virtual appliance.