OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 29 Jan 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2025-07-30T01:45:34.610Z

Reserved: 2019-12-30T00:00:00.000Z

Link: CVE-2020-3992

cve-icon Vulnrichment

Updated: 2024-08-04T07:52:20.539Z

cve-icon NVD

Status : Analyzed

Published: 2020-10-20T17:15:12.810

Modified: 2025-04-02T19:08:45.723

Link: CVE-2020-3992

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.