ESXi Remote Code Execution Vulnerability

Investigation revealed that the vulnerability ESXi versions 6.0, 6.5 and 6.7 running on any platform, and the Horizon cloud desktop-as-a-service (DaaS) platform version 8.x. could be exploited to perform remote code execution.

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

A malicious actor with network access to port 427 on an ESXi host or on any Horizon DaaS management appliance may be able to overwrite the heap of the OpenSLP service resulting in remote code execution.

Note: In order to remove the risk of exploitation of the OpenSLP security issue, the ESXi patches should be applied. However, This workaround is applicable ONLY to Horizon DaaS appliances. Do not apply this workaround to other VMware products. Download the workaround for the install version from the MyVMware portal. 6.1.5 : BZ-2467227-Disable_SLPD_service_permanently_615_Hotfix 6.1.6 : BZ-2467226-Disable_SLPD_service_permanently_616_Hotfix 7.0.0 : BZ-2467225-Disable_SLPD_service_permanently_700_Hotfix 8.0.0 : BZ-2467219-Disable_SLPD_service_permanently_800_Hotfix 8.0.1 : BZ-2467224-Disable_SLPD_service_permanently_801_Hotfix

Related Articles