Cyber Resilience

CVE-2019-5544

CriticalCISA KEVActive ExploitationEUVD ExploitedRansomware-linked

Published: 06 December 2019

Published
06 December 2019
Modified
30 October 2025
KEV Added
03 November 2021
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9213 99.7th percentile
Risk Priority 95 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2019-5544 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Vmware Esxi. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 0.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).

Deeper analysis

OpenSLP as used in VMware ESXi and Horizon DaaS appliances contains a heap overwrite vulnerability tracked as CVE-2019-5544. The flaw is assigned CWE-787 and carries a CVSSv3 base score of 9.8 reflecting network attack vector, low attack complexity, and no required privileges or user interaction. VMware rates the issue as critical.

An unauthenticated attacker with network access can send specially crafted SLP packets that trigger the out-of-bounds write, resulting in full compromise of confidentiality, integrity, and availability on the affected system.

Public advisories such as VMware VMSA-2019-0022 and the associated Red Hat errata RHSA-2019:4240 and RHSA-2020:0199 describe available patches and updated OpenSLP packages that remediate the flaw.

No information on observed in-the-wild exploitation is provided in the source references.

EU & UK References

Vulnerability details

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

vmware
horizon daas
8.0.0 — 9.0.0.0
vmware
esxi
6.0, 6.5, 6.7
redhat
enterprise linux desktop
6.0, 7.0
redhat
enterprise linux for ibm z systems
6.0_s390x, 7.0_s390x
redhat
enterprise linux for ibm z systems eus
7.7_s390x
redhat
enterprise linux for power big endian
6.0_ppc64, 7.0_ppc64
redhat
enterprise linux for power big endian eus
7.7_ppc64
redhat
enterprise linux for power little endian
7.0_ppc64le
redhat
enterprise linux for power little endian eus
7.7_ppc64le
redhat
enterprise linux server
6.0, 7.0
+6 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires applying the vendor patches referenced in VMSA-2019-0022 that eliminate the heap overwrite flaw in OpenSLP.

prevent

Blocks unauthenticated network access to the SLP service, preventing an attacker from sending the crafted packets that trigger the out-of-bounds write.

prevent

Disables or restricts the OpenSLP service when not required, eliminating the attack surface that allows remote unauthenticated exploitation.

References