PT-2020-4398 · VMware · VMware ESXi

Lucas Leong +1 · Published 2020-10-15 · Updated 2026-01-30 · CVE-2020-3992

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
VMware ESXi versions 7.0 before ESXi 7.0.1-0.0.16850804
VMware ESXi versions 6.7 before ESXi670-202010401-SG
VMware ESXi versions 6.5 before ESXi650-202010401-SG

Description: The issue is related to a use-after-free problem in the OpenSLP service. A malicious actor with access to port 427 on an ESXi machine may be able to trigger this issue, resulting in remote code execution. This could allow an attacker to execute arbitrary code, cause a denial of service, or gain unauthorized access to protected information.

Recommendations:
For VMware ESXi version 7.0, update to a version after ESXi 7.0.1-0.0.16850804.
For VMware ESXi version 6.7, update to a version after ESXi670-202010401-SG.
For VMware ESXi version 6.5, update to a version after ESXi650-202010401-SG.
As a temporary workaround, consider restricting access to port 427 on the ESXi machine to minimize the risk of exploitation.

Exploit · Fix · RCE · Use After Free

Weakness Enumeration

Related Identifiers

BDU:2020-04911
CVE-2020-3992
ZDI-20-1269
ZDI-20-1377
ZDI-20-1385

Affected Products

VMware ESXi