OpenSSL security vulnerability with CVE-2011-1473 identifier affects vCenter Server, ESX, and ESXi
Article ID: 318387
Updated On: 06-03-2025
Products
VMware vSphere ESXi
Issue/Introduction
A denial-of-service issue has been identified in OpenSSL. A server-side denial of service is possible if a client sends multiple renegotiation requests.
You may see these symptoms:
You can connect to an ESX/ESXi host using the vSphere/VI client, but the ESX/ESXi host cannot be added to vCenter Server and you may receive the error:
Request timed out
You are able to add the host to vCenter Server, but the hardware status is lost.
Existing SSH/VI client connections to ESX/ESXi are not affected.
Virtual machines operate normally while under attack, without any obvious decline in performance.
This is a known issue affecting vCenter Server, and multiple versions of ESX and ESXi.
This is an unresolved bug in OpenSSL that has not been fixed by the software maintainers at this time. It is an industry-wide problem affecting all users of OpenSSL and is not unique to VMware.
Note: ESX and ESXi are able to recover automatically after the attack (that is, operation returns to normal). A reboot is not required.
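The condition described in the introduction, one client sending multiple renegotiation requests, can be spotted on the server side by counting handshakes that start on a connection that has already completed one. The following Python example is added here and is not VMware or OpenSSL code; the event tuples, connection ids, threshold and time window are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample events, not a real ESXi/vCenter or OpenSSL log format:
# (seconds, connection id, TLS event). A "handshake_start" on a connection
# that already completed a handshake is a renegotiation.
SAMPLE_EVENTS = [
    (0.0, "conn-a", "handshake_start"), (0.2, "conn-a", "handshake_done"),
    (0.3, "conn-b", "handshake_start"), (0.5, "conn-b", "handshake_done"),
    # conn-b: five renegotiations inside one second
    (1.0, "conn-b", "handshake_start"), (1.1, "conn-b", "handshake_done"),
    (1.2, "conn-b", "handshake_start"), (1.3, "conn-b", "handshake_done"),
    (1.4, "conn-b", "handshake_start"), (1.5, "conn-b", "handshake_done"),
    (1.6, "conn-b", "handshake_start"), (1.7, "conn-b", "handshake_done"),
    (1.8, "conn-b", "handshake_start"), (1.9, "conn-b", "handshake_done"),
    # conn-a: a single renegotiation much later
    (30.0, "conn-a", "handshake_start"), (30.2, "conn-a", "handshake_done"),
]


def flag_renegotiation_floods(events, max_renegs=3, window=10.0):
    """Return {connection id: time first flagged} for every connection that
    starts more than max_renegs renegotiations within window seconds."""
    established = set()            # connections with a completed handshake
    recent = defaultdict(deque)    # connection id -> recent renegotiation times
    flagged = {}
    for ts, conn, kind in sorted(events, key=lambda e: e[0]):
        if kind == "handshake_done":
            established.add(conn)
        elif kind == "handshake_start" and conn in established:
            times = recent[conn]
            times.append(ts)
            # Drop renegotiations that fell out of the sliding window.
            while times and ts - times[0] > window:
                times.popleft()
            if len(times) > max_renegs and conn not in flagged:
                flagged[conn] = ts
    return flagged


if __name__ == "__main__":
    for conn, ts in flag_renegotiation_floods(SAMPLE_EVENTS).items():
        print(f"{conn}: renegotiation rate exceeded at t={ts}s")
```

Initial handshakes are never counted, so a burst of new connections does not trigger the check; only repeated handshakes on one established connection do.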