Back to search
CVE-2020-3992
Published: Oct 20, 2020
Modified: Oct 21, 2025
PUBLISHED
Description
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
| Vendor | Product | Versions |
|---|---|---|
n/a | VMware ESXi | affected VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) |
References
https://www.vmware.com/security/advisories/VMSA-2020-0023.html
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-1377/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-20-1385/
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now