Article Number: 000153620
Critical
Summary:
VMware ESXi contains an OpenSLP remote code execution vulnerability in VCF over VxRail, which requires a security update to address it.
VMware ESXi is an embedded management platform used in VCF over VxRail.
A malicious user with network access to port 427 on an ESXi host may be able to overwrite the heap of the OpenSLP service resulting in remote code execution.
VMware ESXi has been updated to address the following vulnerability:
CVE-2019-5544
9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
The workaround for this issue involves disabling the 3D-acceleration feature. See VMware Security Advisory for more information: https://www.vmware.com/security/advisories/VMSA-2019-0022.html
VMware ESXi is an embedded management platform used in VCF over VxRail.
A malicious user with network access to port 427 on an ESXi host may be able to overwrite the heap of the OpenSLP service resulting in remote code execution.
VMware ESXi has been updated to address the following vulnerability:
CVE-2019-5544
9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
The workaround for this issue involves disabling the 3D-acceleration feature. See VMware Security Advisory for more information: https://www.vmware.com/security/advisories/VMSA-2019-0022.html
Affected Products:
VCF over VxRail versions prior to 3.9.1
Remediation:
The following Dell EMC VCF over VxRail release addresses this vulnerability:
VCF over VxRail 3.9.1
For Dell EMC VCF over VxRail 3.9.1 and later, the security update is contained in the release VCF over VxRail 3.9.1
Dell EMC recommends all customers upgrade at the earliest opportunity.
https://docs.vmware.com/en/VMware-Cloud-Foundation/3.9.1/rn/vmware-cloud-foundation-on-dell-emc-vxrail-16-release-notes.html
Affected Products:
VCF over VxRail versions prior to 3.9.1
Remediation:
The following Dell EMC VCF over VxRail release addresses this vulnerability:
VCF over VxRail 3.9.1
For Dell EMC VCF over VxRail 3.9.1 and later, the security update is contained in the release VCF over VxRail 3.9.1
Dell EMC recommends all customers upgrade at the earliest opportunity.
https://docs.vmware.com/en/VMware-Cloud-Foundation/3.9.1/rn/vmware-cloud-foundation-on-dell-emc-vxrail-16-release-notes.html
VxRack SDDC
22 May 2021
4
Dell Security Advisory