CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2019-5544

CVSS 9.8v3.1pub. 2019-12-06upd. 2025-10-30

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fedora Project Fedora

    OS
    Fedoraproject
    3031
  • Openslp

    APP
    Openslp
    ≤ 2.0.0
  • Red Hat Enterprise Linux Desktop

    OS
    Redhat
    6.07.0
  • Red Hat Enterprise Linux For IBM Z Systems

    OS
    Redhat
    6.0_s390x7.0_s390x
  • Red Hat Enterprise Linux For IBM Z Systems Eus

    OS
    Redhat
    7.7_s390x
  • Red Hat Enterprise Linux For Power Big Endian

    OS
    Redhat
    6.0_ppc647.0_ppc64
  • Red Hat Enterprise Linux For Power Big Endian Eus

    OS
    Redhat
    7.7_ppc64
  • Red Hat Enterprise Linux For Power Little Endian

    OS
    Redhat
    7.0_ppc64le
  • Red Hat Enterprise Linux For Power Little Endian Eus

    OS
    Redhat
    7.7_ppc64le
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    6.07.0
  • Red Hat Enterprise Linux Server Aus

    OS
    Redhat
    7.7
  • Red Hat Enterprise Linux Server Eus

    OS
    Redhat
    7.7
  • Red Hat Enterprise Linux Server Tus

    OS
    Redhat
    7.7
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    6.07.0
  • VMware ESXi

    OS
    Vmware
    6.06.56.7
  • VMware Horizon Daas

    APP
    Vmware
    8.0.0 – 9.0.0.0 (bez)

CISA KEV — detailsi

Vendori
VMware
Producti
VMware ESXi and Horizon DaaS
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 3 maja 2022
CWE
References

Related vulnerabilities

CVE-2025-22224CRITICAL9.3⚠ KEVPL ✓ten sam produkt

VMware ESXi/Workstation: TOCTOU umożliwia ucieczkę z VM przez VMX process

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit

CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML

CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)

CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox