logo

Port 902 – VMware (VMware ESXi Server)

Service:

vmware

Protocol:

TCP

Port:

902

Used for:

VMware ESXi server management interface

Why It’s Open

Port 902 is primarily used by VMware ESXi (formerly ESX Server) for management access and virtual machine operations. This port facilitates secure communications between VMware vSphere Client, vCenter Server, and ESXi hosts. It handles critical virtualization management tasks including VM creation, migration, and resource management.

Organizations running VMware infrastructure use this port for essential hypervisor management. It’s a crucial component in enterprise virtualization environments, enabling both command-line and GUI-based administration of virtual infrastructure.

Common Risks

  • Authentication Bypass:
    Vulnerabilities in authentication mechanisms can grant unauthorized access.
  • Command Injection:
    Malformed management requests may execute arbitrary commands.
  • VM Escape:
    Vulnerabilities could allow guests to affect host systems.
  • Credential Theft:
    Man-in-the-middle attacks on management traffic.
  • Version Exploitation:
    Unpatched versions may have known vulnerabilities.
  • SSL/TLS Vulnerabilities:
    Insecure encryption configurations.
  • Information Disclosure:
    Version and system information leaks.
  • Privilege Escalation:
    Management interface compromises.
  • Remote Code Execution:
    Through management functions.

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

logo-cta

Enumeration & Testing

Check if it’s open:

Terminal window
nmap -sT -p 902

Test SSL connection:

Terminal window
openssl s_client -connect :902

Verify ESXi presence:

Terminal window
nc -zv  902

What to Look For

CheckpointWhat it means
ESXi version exposedMay reveal vulnerable software versions
Weak SSL/TLSManagement traffic could be intercepted
Authentication errorsPotential misconfigurations
Unusual VM operationsPossible unauthorized access attempts

Mitigation

  • Regular Updates:
    Keep ESXi hosts patched with latest security updates.
  • Strong Authentication:
    Implement complex passwords and MFA where possible.
  • Network Segmentation:
    Restrict management access to dedicated networks.
  • Access Controls:
    Implement role-based access control (RBAC).
  • Monitoring:
    Enable logging of all management operations.

TL;DR

  • Port 902 = VMware ESXi management
  • Critical for virtual infrastructure
  • High-value target for attackers
  • Requires strict access controls

Known CVEs and Exploits

  • CVE-2023-34048 – Remote code execution in ESXi management interface
  • CVE-2022-31656 – Authentication bypass in VMware authorization service
  • CVE-2021-21974 – OpenSLP heap-overflow vulnerability
  • Various tools available for VMware infrastructure testing