From the CVE mentioned.
A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
The usual problems, I am guessing, like bridged networks and/or access to other hosts with logins. Usually, the best approach is to isolate networks and only expose host ports that result in services. Examples:
- Make use of "DMZ" networks with one-way traffic to further make life difficult for attackers.
- Make use of jump hosts for redirection or HA of traffic, that can have high-security enforcement and restrictions with no public authentication (only back and if possible segregated networks for admins only).
INFO: Public VMware infrastructure should always have different Layer 2 networks between VMs and the infrastructure services, hence not making the port available from a normal user traffic perspective (which might be where the exploits might come from). Cloud is terrible for this problem because they don't often offer this kind of infrastructure.
Many don't realize that the bare metal hosts they rent in a data center aren't isolated from the internal network and other hosts that are on the same switch. Hosting providers should draw their clients' attention to this.
Yeah... I deal with infrastructure (and virtual solutions) at a public level for many users, hence my heads-up for the many trying to use cloud or other service providers.
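The Layer 2 separation discussed in this thread can be audited from an inventory export. The following is an added example, not code from any poster: it flags segments where a host management interface (where services such as the one on port 427 listen) shares a broadcast domain with VM port groups or foreign hosts. The inventory records, field names and host names are constructed, and a segment is assumed to be identified by the pair (switching fabric, VLAN ID).

```python
from collections import defaultdict

# Constructed sample inventory (not from the thread). "fabric" is the physical
# switching domain; (fabric, vlan) together identify one Layer 2 segment.
# kind: "mgmt" = host management interface, "vm" = VM port group,
#       "other" = any endpoint that is not ours (e.g. a neighbouring rented host).
INVENTORY = [
    {"host": "esx-a", "fabric": "dc1", "vlan": 10, "kind": "mgmt", "name": "vmk0"},
    {"host": "esx-a", "fabric": "dc1", "vlan": 200, "kind": "vm", "name": "tenant-web"},
    {"host": "esx-b", "fabric": "dc1", "vlan": 20, "kind": "mgmt", "name": "vmk0"},
    {"host": "esx-b", "fabric": "dc1", "vlan": 20, "kind": "vm", "name": "VM Network"},
    # Different host, same fabric and VLAN as esx-a management: still one segment.
    {"host": "esx-c", "fabric": "dc1", "vlan": 10, "kind": "vm", "name": "legacy-apps"},
    # Rented bare metal on an untagged port next to another customer's machine.
    {"host": "rented-01", "fabric": "dc2", "vlan": 0, "kind": "mgmt", "name": "vmk0"},
    {"host": "neighbour", "fabric": "dc2", "vlan": 0, "kind": "other", "name": "eth0"},
    # VLAN 10 again, but on another fabric: not the same segment as dc1/10.
    {"host": "esx-d", "fabric": "dc2", "vlan": 10, "kind": "mgmt", "name": "vmk0"},
]


def shared_segments(inventory):
    """Return the L2 segments in which a management interface shares the
    segment with any non-management endpoint (VM port group or foreign host)."""
    segments = defaultdict(lambda: {"mgmt": [], "exposed_to": []})
    for rec in inventory:
        key = (rec["fabric"], rec["vlan"])
        label = f'{rec["host"]}/{rec["name"]}'
        bucket = "mgmt" if rec["kind"] == "mgmt" else "exposed_to"
        segments[key][bucket].append(label)
    # Only segments holding both kinds of endpoint violate the separation.
    return {k: v for k, v in segments.items() if v["mgmt"] and v["exposed_to"]}


if __name__ == "__main__":
    for (fabric, vlan), seg in sorted(shared_segments(INVENTORY).items()):
        print(f"{fabric} VLAN {vlan}: management {seg['mgmt']} "
              f"shares L2 with {seg['exposed_to']}")
```

Grouping by fabric and VLAN rather than per host is what catches the esx-a/esx-c case, where the management interface and the VM port group sit on different hosts but in the same broadcast domain.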