Increased Scanning Activity Detected on VMWare HCX "Sessions" Endpoint

Today, an increase in scanning activity was observed on the "sessions" endpoint of VMWare Hybrid Cloud Extension (HCX). These scans are sometimes related to attempts to exploit various VMWare vulnerabilities to determine if the system is running the extensions or to gather additional information to facilitate exploitation. The incident was reported on Wednesday, March 12.