VMware has addressed a critical remote code execution vulnerability in ESXi that was disclosed recently at the Tianfu Cup hacking competition.
This week VMware has released security updates that fix a critical remote code execution vulnerability in ESXi that was recently disclosed by white hat hackers at the Tianfu Cup hacking competition in China.
The Tianfu Cup 2019 International Cyber Security Competition took place in November, white hat hackers that participated into the competition have earned $545,000 for working zero-day exploits.
Researcher @xiaowei from the 360Vulcan team received the highest reward ($200,000) for a working exploit for the VMware vSphere ESXi product that allowed them to escape from the guest virtual machine to the host. The critical flaw tracked as CVE-2019-5544 has been assigned a CVSS score of 9.8.
The hacker was able to take control of the host operating system in only 24 seconds.
According to VMware, the CVE-2019-5544 flaw is a heap overwrite issue that resides in the OpenSLP open-source implementation of the Service Location Protocol (SLP), which allows the software to locate resources on a network.
“OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.” reads theadvisory published by the company..
“A malicious actor with network access to port 427 on an ESXi host or on any Horizon DaaS management appliance may be able to overwrite the heap of the OpenSLP service resulting in remote code execution,”
Experts from VMware that were present at the competition received the details of the exploit immediately after the expert demonstrated the attack.
According to VMware, the flaw affects ESXi versions 6.0, 6.5 and 6.7 running on any platform, and the Horizon cloud desktop-as-a-service (DaaS) platform version 8.x.
The company has already patched the issue for ESXi and it is currently working on a fix for Horizon DaaS.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.