CVE-2019-5544 VMware CVE debrief

Who should care

VMware ESXi and Horizon DaaS administrators, virtualization platform owners, SOC teams monitoring edge-facing services, and incident responders responsible for systems exposed to the network.

Technical summary

The supplied records identify a heap-based buffer overflow in OpenSLP associated with VMware ESXi and Horizon DaaS. The vulnerability is tracked as a CVE and appears in CISA's KEV catalog, which also marks it as having known ransomware campaign use. No CVSS score was provided in the supplied corpus.

Defensive priority

High. CISA KEV inclusion and the noted ransomware campaign use mean this issue should be treated as a top-tier patching and exposure-management item, especially on internet-accessible or broadly reachable VMware deployments.

Recommended defensive actions

• Apply vendor-provided updates per VMware instructions.
• Prioritize remediation on any ESXi or Horizon DaaS systems that are reachable from untrusted networks.
• Verify whether OpenSLP is enabled where it is not required and disable or restrict it according to vendor guidance.
• Inventory all affected VMware assets and confirm patch status across clusters and pools.
• Monitor for suspicious activity on exposed VMware management and service endpoints.
• Use the CISA KEV due date as an operational benchmark for backlog and exception review, even though the current record date is older.

Evidence notes

This debrief is based only on the supplied CVE metadata, CISA KEV metadata, and official resource links. The corpus identifies the issue as 'VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability,' marks it as KEV-listed, and records 'Known' ransomware campaign use. No additional technical detail, exploit behavior, or severity score was supplied.

Official resources