## https://sploitus.com/exploit?id=SAINT:0E6E0EC6C629BC0896A59D009066A35A
Added: 02/10/2023
### Background
[VMware ESXi](<https://www.vmware.com/products/esxi-and-esx.html>) is a bare metal hypervisor.
### Problem
A heap overflow vulnerability in the OpenSLP service could allow an attacker on the same network segment to execute arbitrary commands.
### Resolution
Upgrade to a fixed version referenced in [VMSA-2021-0002](<https://www.vmware.com/security/advisories/VMSA-2021-0002.html>) or [disable the SLP service](<https://kb.vmware.com/s/article/76372>).
### References
<https://www.vmware.com/security/advisories/VMSA-2021-0002.html>
<https://www.zerodayinitiative.com/advisories/ZDI-21-250/>
### Limitations
Exploit works on ESXi 6.7.0 builds 14320388 and 16316930.
### Platforms
ESX