This week VMware has released security updates that fix a critical remote code execution vulnerability in ESXi that was recently disclosed by white hat hackers at the Tianfu Cup hacking competition in China.
The Tianfu Cup 2019 International Cyber Security Competition took place in November, white hat hackers that participated into the competition have earned $545,000 for working zero-day exploits.
Researcher @xiaowei from the 360Vulcan team received the highest reward ($200,000) for a working exploit for the VMware vSphere ESXi product that allowed them to escape from the guest virtual machine to the host. The critical flaw tracked as CVE-2019-5544 has been assigned a CVSS score of 9.8.
The hacker was able to take control of the host operating system in only 24 seconds.
According to VMware, the CVE-2019-5544 flaw is a heap overwrite issue that resides in the OpenSLP
“A malicious actor with network access to port 427 on an ESXi host or on any Horizon DaaS management appliance may be able to overwrite the heap of the OpenSLP service resulting in remote code execution,”
Experts from VMware that were present at the competition received the details of the exploit immediately after the expert demonstrated the attack.
According to VMware, the flaw affects ESXi versions 6.0, 6.5 and 6.7 running on any platform, and the Horizon cloud desktop-as-a-service (DaaS) platform version 8.x.
The company has already patched the issue for ESXi and it is currently working on a fix for Horizon DaaS.