CVE-2020-3992

Published: 20/10/2020 Updated: 15/06/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

Vulnerable Product

vmware esxi 6.5

vmware esxi 6.7

vmware cloud foundation

vmware esxi 7.0.0

Github Repositories

Python / scapy module implementing SRVLOC/SLP protocol and scans for enabled OpenSLP services.

Scanner for SLP services (CVE-2019-5544 CVE-2020-3992). Python script that implements the SRVLOC/SLP protocol to scan for enabled OpenSLP services. You may find it handy while searching for systems impacted by CVE-2019-5544, CVE-2020-3992 or CVE-2021-21974. More info on the VMware vulnerability can be found, for instance, here: blog.rapid7.com/2020/11/11/vmware-esxi-openslp

CVE-2020-3992 & CVE-2019-5544

VMware_ESXI_OpenSLP_PoCs: CVE-2020-3992 & CVE-2019-5544. Tested on ESXi installed on VMware Workstation. If on a real machine, you may need to change the srvtype field (service:VMwareInfrastructure).

Recent Articles

VMware patches, among other things, ESXi flaw that can be abused by miscreants on the network to hijack hosts
The Register • Gareth Corfield • 20 Oct 2020

Adobe issues out-of-band patches, too, for Photoshop, Illustrator, InDesign, After Effects, etc

Sysadmins responsible for VMware deployments should test and apply the latest security updates for the software. In an advisory published this morning, VMware revealed six vulnerabilities affecting its ESXi, Workstation, Fusion, Cloud Foundation, and NSX-T products. CVE-2020-3992, which tops the list with a 9.8 out of 10 CVSS severity rating, is a use-after-free vuln in the ESXi hypervisor that can be exploited via the network to run malicious code on the target host. The IT giant said: “A mal...