ESXi OpenSLP Remote Code Execution (RCE) Vulnerability
On October 20th, VMware disclosed an RCE vulnerability in OpenSLP within ESXi. The vulnerability is exposed through TCP port 427 and has a CVSSv3 score of 9.8. It is tracked as CVE-2020-3992, and VMware released a patch on the same day as the disclosure. Affected products are ESXi, Workstation Pro/Player, Fusion, NSX-T, and Cloud Foundation. Please patch as soon as possible or restrict access to the admin console on TCP port 427. For more information, see the VMware advisory at: https://www.vmware.com/security/advisories/VMSA-2020-0023.html