Researcher Names: Lucas Leong
This bug is a pre-authentication RCE using a heap overflow vulnerability in VMware ESXi's SLP service. An attacker can remotely execute arbitrary code as root, without authentication, and take control of all the virtual machines on any vulnerable ESXi host. The same attack vector can also be used as a guest virtual machine escape, since a guest can reach the service by default.
The bug was initially discovered in 2020, along with another vulnerability; VMware had to release 3 patches to fully mitigate the attacks.