Lucene search

[email protected]CVE-2020-3992

HistoryOct 20, 2020 - 5:15 p.m.

CVE-2020-3992

2020-10-2017:15:00

CWE-416

[email protected]

web.nvd.nist.gov

1084

In Wild

vmware

esxi

openslp

cve-2020-3992

use-after-free

remote code execution

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.356 Low

EPSS

Percentile

97.1%

JSON

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

CPENameOperatorVersion
vmware:esxivmware esxieq6.5
vmware:esxivmware esxieq6.7
vmware:esxivmware esxieq7.0.0
vmware:cloud_foundationvmware cloud foundationlt4.1
vmware:cloud_foundationvmware cloud foundationlt3.10.1.1

CPE	Name	Operator	Version
vmware:esxi	vmware esxi	eq	6.5
vmware:esxi	vmware esxi	eq	6.7
vmware:esxi	vmware esxi	eq	7.0.0
vmware:cloud_foundation	vmware cloud foundation	lt	4.1
vmware:cloud_foundation	vmware cloud foundation	lt	3.10.1.1