A vulnerability classified as critical was found in VMware ESXi (Virtualization Software). The vulnerability allows a remote attacker to bypass authentication process. The vulnerability exists due to an error in when processing authentication requests in SFCB (Small Footprint CIM Broker). A remote attacker can send specially crafted requests to port 5989/tcp, bypass SFCB authentication and gain unauthorized access to the system.
This vulnerability can be exploited by a remote non-authenticated attacker via the Internet. We are not aware of malware exploiting this vulnerability.
|Vulnerable software||Cloud Foundation
Client/Desktop applications / Virtualization software
|Vulnerable software versions||Cloud Foundation: 3.10, 3.10.1, 188.8.131.52, 184.108.40.206, 4.0, 4.0.1, 4.1, 4.2, 4.2.1|
Install update from vendor’s website.