Lucene search

K
cvelistVmwareCVELIST:CVE-2020-3992
HistoryOct 20, 2020 - 4:11 p.m.

CVE-2020-3992

2020-10-2016:11:13
vmware
www.cve.org
1

9.7 High

AI Score

Confidence

High

0.356 Low

EPSS

Percentile

97.2%

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

CNA Affected

[
  {
    "product": "VMware ESXi",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG)"
      }
    ]
  }
]