CVE-2020-3992

CRITICAL KEV RANSOMWARE

Vmware Cloud Foundation < 3.10.1.2 - Use After Free

Title source: rule

Description

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

Exploits (3)

nomisec WORKING POC 68 stars

by dgh05t · dos

https://github.com/dgh05t/VMware_ESXI_OpenSLP_PoCs

View Code ZIP pw:eip

nomisec SCANNER 49 stars

by HynekPetrak · infoleak

https://github.com/HynekPetrak/CVE-2019-5544_CVE-2020-3992

View Code ZIP pw:eip

vulncheck_xdb WORKING POC

dos

https://github.com/ceciliaaii/CVE_2020_3992

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] https://www.vmware.com/security/advisories/VMSA-2020-0023.html

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-20-1377/

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-20-1385/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3992

Scores

CVSS v3 9.8

EPSS 0.9087

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2020-11-11

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2020-25257

Ransomware Use Confirmed

CWE

CWE-416

Status published

Products (2)

vmware/cloud_foundation 3.0 - 3.10.1.2

vmware/esxi 6.5 (49 CPE variants)

Published Oct 20, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026