A previous fix for the critical remote code execution bug was incomplete, according to VMware. The flaw exists in the OpenSLP feature of the VMware ESXi hypervisor. The fix affects ESXi versions 6.5, 6.7 and 7.0; affected products have now been updated to include ESXi implementations on the VMware Cloud Foundation 3.x and 4.x. The flaw (CVE-2020-3992) has a CVSS score of 9.8 out of 10.
Source: https://threatpost.com/vmware-updated-fix-critical-esxi-flaw/160944/