CVE-2019-5544

9.8 CRITICAL

📋 TL;DR

CVE-2019-5544 is a critical heap overflow vulnerability in OpenSLP used by VMware ESXi and Horizon DaaS appliances. It allows remote attackers to execute arbitrary code or cause denial of service by sending specially crafted packets. Organizations running affected VMware products are at risk.

💻 Affected Systems

Products:
  • VMware ESXi
  • VMware Horizon DaaS appliances
Versions: ESXi 6.7 prior to ESXi670-201912001, ESXi 6.5 prior to ESXi650-202002001, ESXi 6.0 prior to ESXi600-202005001
Operating Systems: VMware ESXi hypervisor
Default Config Vulnerable: ⚠️ Yes
Notes: OpenSLP service runs by default on affected VMware products. Horizon DaaS appliances use vulnerable OpenSLP versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with root privileges leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case: Remote code execution resulting in system compromise and potential ransomware deployment or data exfiltration.

🟢 If Mitigated: Denial of service if the exploit fails, but the system remains vulnerable to subsequent attacks.

🌐 Internet-Facing: HIGH - Exploitable remotely without authentication, making internet-facing systems immediate targets.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to network-based attacks from compromised internal hosts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept exploit code is publicly available. The vulnerability requires no authentication and has low attack complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ESXi670-201912001, ESXi650-202002001, ESXi600-202005001

Vendor Advisory: http://www.vmware.com/security/advisories/VMSA-2019-0022.html

Restart Required: Yes

Instructions:

1. Download the appropriate patch bundle from the VMware portal.
2. Place the ESXi host in maintenance mode.
3. Apply the patch with the esxcli software vib update command.
4. Reboot the host.
5. Verify the patch installation.

🔧 Temporary Workarounds

Disable OpenSLP service

Temporarily disable the vulnerable OpenSLP service to prevent exploitation:

esxcli system slp stats set --enable=false

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks using firewall rules
  • Implement strict network segmentation to limit potential lateral movement

🔍 How to Verify

Check if Vulnerable:

Check the ESXi version and build with 'esxcli system version get' and compare the reported build against the patch bulletins listed under Official Fix

Check Version:

esxcli system version get

Verify Fix Applied:

Verify patch installation with 'esxcli software vib list | grep esx-base' and confirm the esx-base VIB version corresponds to the applied patch bulletin (the OpenSLP daemon ships in the esx-base VIB, not in open-vm-tools)
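The two verification commands above produce plain 'Key: Value' and column output that is easy to check by hand on one host but tedious across a fleet. The following script is an added example (not from this page or from VMware): it parses constructed samples of the 'esxcli system version get' and 'esxcli software vib list' output, extracts the host build and the esx-base VIB build, and compares them against a per-branch table of minimum patched builds. The build numbers in PATCHED_BUILD are placeholders, since the page names the bulletins but not their builds; they are set deliberately high so an unfilled table reports "vulnerable" rather than a false "patched".

```python
"""Decide whether an ESXi host is at the CVE-2019-5544 patch level by parsing
esxcli output. Added example (not from the page or from VMware); the esxcli
output below is constructed and the build numbers in PATCHED_BUILD are
placeholders to be replaced with the values from the VMware advisory."""
import re
from typing import Dict, Optional

# Minimum build per affected branch that carries the OpenSLP fix. The page names
# the bulletins; their build numbers are not on the page, so these are PLACEHOLDER
# values (deliberately high, so an unfilled table reports "vulnerable").
PATCHED_BUILD: Dict[str, int] = {
    "6.0.0": 90_000_000,  # PLACEHOLDER: build of ESXi600-202005001
    "6.5.0": 90_000_000,  # PLACEHOLDER: build of ESXi650-202002001
    "6.7.0": 90_000_000,  # PLACEHOLDER: build of ESXi670-201912001
}


def parse_version_get(text: str) -> Dict[str, str]:
    """Turn the 'Key: Value' lines of `esxcli system version get` into a dict."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields


def build_number(field: str) -> int:
    """Pull the trailing build number out of 'Releasebuild-12345678' or
    an esx-base VIB version such as '6.7.0-3.89.12345678'."""
    match = re.search(r"(\d+)\s*$", field)
    if not match:
        raise ValueError(f"no build number in {field!r}")
    return int(match.group(1))


def esx_base_version(vib_list: str) -> Optional[str]:
    """Return the Version column of the esx-base VIB from `esxcli software vib list`."""
    for line in vib_list.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "esx-base":
            return parts[1]
    return None


def assess(version_get_text: str, vib_list_text: str) -> dict:
    """Combine both outputs into a verdict: patched / vulnerable / not-listed."""
    info = parse_version_get(version_get_text)
    version = info.get("Version", "")
    host_build = build_number(info.get("Build", ""))
    vib_version = esx_base_version(vib_list_text)
    vib_build = build_number(vib_version) if vib_version else None

    if version not in PATCHED_BUILD:
        status = "not-listed"          # branch not named on the page as affected
    elif host_build >= PATCHED_BUILD[version]:
        status = "patched"
    else:
        status = "vulnerable"

    return {
        "version": version,
        "build": host_build,
        "esx_base_build": vib_build,
        # after the post-patch reboot the host build and the esx-base build agree
        "vib_matches_host": vib_build is None or vib_build == host_build,
        "status": status,
    }


# Constructed sample output (build numbers are made up for the example).
SAMPLE_VERSION_GET = """\
   Product: VMware ESXi
   Version: 6.7.0
   Build: Releasebuild-12345678
   Update: 3
   Patch: 0
"""
SAMPLE_VIB_LIST = """\
Name       Version               Vendor  Acceptance Level  Install Date
----       -------               ------  ----------------  ------------
esx-base   6.7.0-3.89.12345678   VMware  VMwareCertified   2019-12-10
vmkusb     0.1-1vmw.670.3.89.12345678  VMware  VMwareCertified  2019-12-10
"""

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION_GET, SAMPLE_VIB_LIST))
```

The vib_matches_host flag catches the common half-done case where the patch VIB is staged but the host has not been rebooted, so the running build still predates the fix.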

📡 Detection & Monitoring

Log Indicators:

  • Unusual SLP service activity in /var/log/syslog.log
  • Failed authentication attempts following SLP traffic

Network Indicators:

  • Unusual traffic to port 427 (SLP)
  • Malformed SLP packets in network captures

SIEM Query (pseudo-query; adapt field names and the size threshold to your platform):

source="ESXi" AND (port=427 OR protocol="SLP") AND (size>normal OR malformed_packet)
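The network indicators above ("unusual traffic to port 427", "malformed SLP packets") need concrete criteria before they can run in a sensor. The following script is an added example (not from this page): it decodes the fixed SLPv2 header (RFC 2608 section 8) of datagrams sent to port 427 and flags the structural anomalies a defender can actually test for: a truncated header, a language tag or extension offset that runs past the datagram, an unknown function ID, a declared length that disagrees with the bytes on the wire, and a datagram above a size threshold. The traffic records and the SIZE_THRESHOLD value are constructed for the example; the build_slp helper exists only to assemble those samples.

```python
"""Flag suspicious SLP (port 427) datagrams from captured traffic records.

Added example, not from the original page. Records are constructed in-line;
in practice they would come from a pcap or flow export."""
from dataclasses import dataclass
from typing import List, Optional

SLP_PORT = 427
SLP_VERSION = 2
SLP_FIXED_HEADER = 14          # bytes before the language tag (RFC 2608 section 8)
SIZE_THRESHOLD = 1400          # assumed site-specific "bigger than normal" cut-off

# SLPv2 function IDs, RFC 2608 section 8
SLP_FUNCTIONS = {
    1: "SrvRqst", 2: "SrvRply", 3: "SrvReg", 4: "SrvDeReg", 5: "SrvAck",
    6: "AttrRqst", 7: "AttrRply", 8: "DAAdvert", 9: "SrvTypeRqst",
    10: "SrvTypeRply", 11: "SAAdvert",
}


@dataclass
class Finding:
    src: str
    dst: str
    reason: str


def parse_slp_header(payload: bytes) -> dict:
    """Decode the fixed SLPv2 header; raise ValueError on structural problems."""
    if len(payload) < SLP_FIXED_HEADER:
        raise ValueError(f"truncated header ({len(payload)} bytes)")
    hdr = {
        "version": payload[0],
        "function": payload[1],
        "length": int.from_bytes(payload[2:5], "big"),
        "flags": int.from_bytes(payload[5:7], "big"),
        "ext_offset": int.from_bytes(payload[7:10], "big"),
        "xid": int.from_bytes(payload[10:12], "big"),
        "lang_len": int.from_bytes(payload[12:14], "big"),
    }
    if SLP_FIXED_HEADER + hdr["lang_len"] > len(payload):
        raise ValueError("language tag runs past end of datagram")
    tag = payload[SLP_FIXED_HEADER:SLP_FIXED_HEADER + hdr["lang_len"]]
    hdr["lang"] = tag.decode("ascii", "replace")
    return hdr


def inspect_datagram(src: str, dst: str, dport: int, payload: bytes) -> List[Finding]:
    """Apply the page's indicators: oversized or malformed SLP traffic to port 427."""
    findings: List[Finding] = []
    if dport != SLP_PORT:
        return findings
    if len(payload) > SIZE_THRESHOLD:
        findings.append(Finding(src, dst, f"oversized SLP datagram ({len(payload)} bytes)"))
    try:
        hdr = parse_slp_header(payload)
    except ValueError as err:
        findings.append(Finding(src, dst, f"malformed SLP header: {err}"))
        return findings
    if hdr["version"] != SLP_VERSION:
        findings.append(Finding(src, dst, f"unexpected SLP version {hdr['version']}"))
    if hdr["function"] not in SLP_FUNCTIONS:
        findings.append(Finding(src, dst, f"unknown SLP function id {hdr['function']}"))
    if hdr["length"] != len(payload):
        findings.append(Finding(src, dst, f"declared length {hdr['length']} != actual {len(payload)}"))
    lang_end = SLP_FIXED_HEADER + hdr["lang_len"]
    if hdr["ext_offset"] and not (lang_end <= hdr["ext_offset"] < len(payload)):
        findings.append(Finding(src, dst, f"extension offset {hdr['ext_offset']} outside datagram"))
    return findings


def build_slp(function: int, body: bytes, lang: bytes = b"en",
              declared_len: Optional[int] = None) -> bytes:
    """Assemble an SLPv2 datagram (used only to construct the sample traffic)."""
    total = SLP_FIXED_HEADER + len(lang) + len(body)
    length = total if declared_len is None else declared_len
    header = (bytes([SLP_VERSION, function]) + length.to_bytes(3, "big")
              + (0).to_bytes(2, "big") + (0).to_bytes(3, "big")
              + (0x1234).to_bytes(2, "big") + len(lang).to_bytes(2, "big"))
    return header + lang + body


# Constructed sample traffic: one well-formed discovery request, two anomalies,
# and one non-SLP record that must be ignored.
SAMPLE_RECORDS = [
    ("10.0.0.5", "10.0.0.20", 427, build_slp(1, b"\x00\x00\x00\x12service:wbem:https")),
    ("10.0.0.7", "10.0.0.20", 427, build_slp(1, b"\x00\x00", declared_len=9000)),
    ("10.0.0.9", "10.0.0.20", 427, build_slp(250, b"\x00\x00")),
    ("10.0.0.9", "10.0.0.20", 443, b"not slp at all"),
]


def run_detection(records=SAMPLE_RECORDS) -> List[Finding]:
    """Return every finding across the given (src, dst, dport, payload) records."""
    out: List[Finding] = []
    for src, dst, dport, payload in records:
        out.extend(inspect_datagram(src, dst, dport, payload))
    return out


if __name__ == "__main__":
    for f in run_detection():
        print(f"{f.src} -> {f.dst}: {f.reason}")
```

Feed it the UDP/TCP payloads your capture tool exports for port 427; the declared-length and offset checks are the ones that correspond to "malformed SLP packets", while SIZE_THRESHOLD is the concrete form of the "size>normal" term in the SIEM pseudo-query and should be tuned from a baseline of legitimate CIM/SLP discovery traffic.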
