Reference:
Advisory #2020-035
Version:
1.0
Affected software:
VMware Cloud Foundation (ESXi) 4.0, 3.0 and earlier.
VMware ESXi version 7.0, 6.7, 6.5, 6.0 and earlier.
VMware Horizon DaaS 8.0 and earlier.
Type:
Remote Code Execution (RCE)
CVE/CVSS:
CVE-2020-3992 - CVSS.V3 - 9.8
CVE-2019-5544 - CVSS.V3 - 9.8
Sources
https://www.zerodayinitiative.com/advisories/ZDI-20-1269/
https://www.vmware.com/security/advisories/VMSA-2020-0023.html
www.vmware.com/security/advisories/VMSA-2019-0022.html
Risks
These vulnerabilities could allow remote attackers to execute arbitrary code on affected installations of VMware ESXi. No authentication is required to exploit these vulnerabilities.
Description
The vulnerabilities could be exploited by remote attackers to compromise systems running VMware ESXi and execute arbitrary code on them. No level of authentication is required. The specific flaw exists within the processing of SLP messages. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the SLP daemon.
Recommended Actions
CERT.be recommends that system administrators install the latest updates released by the vendor for the affected versions:
https://www.vmware.com/security/advisories/VMSA-2020-0023.html
www.vmware.com/security/advisories/VMSA-2019-0022.html
References
https://attackerkb.com/topics/a5SgSHJ1Mx/cve-2020-3992-esxi-openslp-remote-code-execution-vulnerability
https://attackerkb.com/topics/nhZc3oqvzj/cve-2019-5544-esxi-openslp-remote-code-execution-vulnerability#vuln-details