[VMC] Vulnerabilities Detected in Hybrid Cloud Extension (HCX) Connector(s) by Third-Party Scanning Tool

Article ID: 329957

Updated On:

Products

VMware Cloud on AWS

Issue/Introduction

This article provides information on the nature of vulnerabilities that are being detected on the HCX connector while using third-party scanning tools.

Symptoms:
A third-party security scanning tool reports open vulnerabilities for IP addresses relating to HCX and its components.

Cause

Third-party scanning tools have been confirmed to generate false-positive alerts against HCX Connector(s) and their components. Additionally, HCX purposefully leaves some services enabled to better support backwards compatibility with older versions of HCX, vCenter, or ESX.

Resolution

  • VMC HCX Manager will not be patched in one-off situations where the HCX connectors are detected as vulnerable by third-party scanning tools.
  • Regular security scans are performed against the active HCX versions to look for potential vulnerabilities. Any vulnerability found that is deemed dangerous enough is then patched in the cyclical HCX release cycles. Although the patch notes may not always provide details on which vulnerabilities were patched in which version, security hardening still happens with each patch.
  • The only way to make sure the Cloud HCX is not open to vulnerabilities is to keep up to date on the current HCX release, both on-premises and in the cloud.


Additional Information

HCX Document

Attachments

HCX Vulnerability Scan