CISA Known Exploited Vulnerability

CVE-2019-5544 Ransomware

VMware · VMware ESXi and Horizon DaaS

VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability

Date added 2021-11-03

BOD 22-01 due date 2022-05-03

CWE CWE-787

Ransomware Known

CISA description

VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.

Required action

Apply updates per vendor instructions.

Notes & references

https://nvd.nist.gov/vuln/detail/CVE-2019-5544

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2019-5544
CVE.org · CVE-2019-5544
CISA KEV catalog (canonical)