Search the VMware Knowledge Base (KB)
View by Article ID

Vulnerability scanners report false positive for Dropbear SSH (CVE-2012-0920) (2037316)

  • 4 Ratings


The Dropbear SSH server included with ESXi 4.0 and ESXi 4.1 contains a use-after-free vulnerability that allows remote authenticated users to execute arbitrary code.  In ESXi 4.0 and ESXi 4.1, administrative access is required to login via SSH.  Exploiting this vulnerability provides no gain to an attacker because any authenticated remote user already has sufficient privileges to execute arbitrary code.
The Common Vulnerabilities and Exposures project ( has assigned the name CVE-2012-0920 to this issue.


This vulnerability does not affect ESXi 5.0 because the Dropbear SSH server was replaced with OpenSSH, which does not contain this vulnerability.  In ESXi 4.1 and earlier, the vulnerability can only be exploited by a user with administrative privileges.  Since there is no impact, VMware has decided not to update the affected component.
Customers should note that many vulnerability scanners will detect a vulnerable version of Dropbear SSH and generate an alert for CVE-2012-0920.  With respect to VMware ESXi Server, this alert should be considered a false positive.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 4 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)

Please enter the Captcha code before clicking Submit.
  • 4 Ratings