Update December 5th, 2019
Today VMware has released the following new security advisory:
VMSA-2019-0022 – VMware ESXi and Horizon DaaS updates address OpenSLP remote code execution vulnerability (CVE-2019-5544).
The advisory documents the remediation of the critical severity vulnerability which was demonstrated at the Tianfu Cup PWN Contest. Customers should review the security advisory and direct any questions to VMware Support.
Update November 17, 2019
The Tianfu Cup PWN Contest has wrapped up after Day 2. On Day 2 of the contest the 360Vulcan team demonstrated an issue on VMware vSphere ESXi. We are currently investigating the issue after having received the details. We are actively working on its remediation and we plan on publishing a VMware Security Advisory to provide information on updates for affected products.
We would like to thank the Tianfu Cup organizers and the 360Vulcan team for working with us to address the issue.
Update November 16, 2019
VMware products are not in the schedule on Day 1 of the Tianfu Cup PWN Contest in Chengdu. VMware representatives will again be in attendance during Day 2, when VMware Workstation and VMware vSphere ESXi will be targets.
We wanted to post a quick acknowledgement that VMware will have representatives in attendance at the 2019 Tianfu Cup PWN Contest in Chengdu, China to review any vulnerabilities that may be demonstrated during the contest. We would like to thank the organizers for inviting us to attend. Stay tuned for further updates.
As always please sign up for our VMware Security Advisories here for new and updated information.