The critical vulnerability, tracked as CVE-2020-3992, is a use-after-free issue that affects the OpenSLP service in ESXi. The vulnerability can allow remote attackers to execute arbitrary code on affected installations of the ESXi product. The company also patched a high-severity flaw in NSX-T, caused by the way a KVM host is allowed to download and install packages from the NSX manager. The flaw could be exploited by a MitM attacker to compromise transport nodes.”]
Source: https://securityaffairs.co/wordpress/109843/security/vmware-critical-flaws.html