VMware has published a security advisory to address a remote code execution vulnerability in OpenSLP as used in VMware ESXi and Horizon Desktop-as-a-service (DaaS) appliances. A remote attacker with network access to port 427 on the affected systems might be able to overwrite the heap of the OpenSLP service.
Successful exploitation of the vulnerability could lead to remote code execution on an affected system.
The product vendor has released new versions, as well as workarounds, to address the issue; these are available on the vendor's website.
System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://www.vmware.com/security/advisories/VMSA-2019-0022.html
https://www.us-cert.gov/ncas/current-activity/2019/12/06/vmware-releases-security-updates-esxi-and-horizon-daas
https://www.hkcert.org/my_url/en/alert/19120901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5544