CVE-2019-5544

CRITICAL KEV RANSOMWARE NUCLEI

Vmware Horizon Daas < 9.0.0.0 - Out-of-Bounds Write

Title source: rule

Description

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Exploits (2)

nomisec WORKING POC 68 stars

by dgh05t · dos

https://github.com/dgh05t/VMware_ESXI_OpenSLP_PoCs

View Code ZIP pw:eip

nomisec SCANNER 49 stars

by HynekPetrak · infoleak

https://github.com/HynekPetrak/CVE-2019-5544_CVE-2020-3992

View Code ZIP pw:eip

Nuclei Templates (1)

VMware ESXi SLP - Heap Overflow DoS

CRITICALVERIFIEDby riteshs4hu

Shodan: http.title:"horizon daas"

FOFA: title="horizon daas"

References (9)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/12/10/2

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/12/11/2

[Patch, Vendor Advisory] http://www.vmware.com/security/advisories/VMSA-2019-0022.html

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:4240

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2020:0199

[Release Notes] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/

[Release Notes] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/

[Third Party Advisory] https://security.gentoo.org/glsa/202005-12

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5544

Scores

CVSS v3 9.8

EPSS 0.9248

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2020-11-11

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2019-15119

Ransomware Use Confirmed

CWE

CWE-787

Status published

Products (21)

fedoraproject/fedora 30

fedoraproject/fedora 31

openslp/openslp < 2.0.0

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_desktop 7.0

redhat/enterprise_linux_for_ibm_z_systems 6.0_s390x

redhat/enterprise_linux_for_ibm_z_systems 7.0_s390x

redhat/enterprise_linux_for_ibm_z_systems_eus 7.7_s390x

redhat/enterprise_linux_for_power_big_endian 6.0_ppc64

redhat/enterprise_linux_for_power_big_endian 7.0_ppc64

... and 11 more

Published Dec 06, 2019

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026