vCenter DDOS Vulnerability Audit

Find vCenter Servers Vulnerable to DDOS Attacks

Discover devices in your environment that have an outdated vCenter version and might be vulnerable to CVE-2019-11477 and CVE-2019-11478 which can lead to denial of service attacks. DDOS attacks can lead to significant downtime of your virtual environment impacting anything that is hosted or controlled by them. Therefore it is highly recommended you update your vCenter servers to the latest patch available. You can read more about these vulnerabilities in the vCenter DDOS vulnerability blog post.

Lansweeper scans you vCenter and with it your entire VMware virtual environment. The vCenter server version and the build number are both scanned and are used in the audit below to find vCenter servers that need to be updated.

vCenter DDOS Vulnerability Query

Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tsysAssetTypes.AssetTypename,
  tblAssets.IPAddress,
  tblAssetCustom.Manufacturer,
  tblVmwareProductInfo.Vendor,
  tblVmwareProductInfo.OsType,
  tblVmwareProductInfo.Version,
  tblVmwareProductInfo.Build,
  Case
    When tblVmwareProductInfo.Version = '6.0.0' And
      Cast(tblVmwareProductInfo.Build As bigint) > 13638623 Then '#d4f4be'
    When tblVmwareProductInfo.Version = '6.5.0' And
      Cast(tblVmwareProductInfo.Build As bigint) > 13834586 Then '#d4f4be'
    When tblVmwareProductInfo.Version = '6.7.0' And
      Cast(tblVmwareProductInfo.Build As bigint) > 13843380 Then '#d4f4be'
    Else '#ffadad'
  End As backgroundcolor,
  Case
    When tblVmwareProductInfo.Version = '6.0.0' And
      Cast(tblVmwareProductInfo.Build As bigint) > 13638623 Then 'Up to date'
    When tblVmwareProductInfo.Version = '6.5.0' And
      Cast(tblVmwareProductInfo.Build As bigint) > 13834586 Then 'Up to date'
    When tblVmwareProductInfo.Version = '6.7.0' And
      Cast(tblVmwareProductInfo.Build As bigint) > 13843380 Then 'Up to date'
    Else 'Out of date'
  End As [Patch Status],
  tblAssets.Lastseen,
  tblAssets.Lasttried
From tblVmwareVcenters
  Inner Join tblAssets On tblAssets.AssetID = tblVmwareVcenters.AssetID
  Inner Join tblVmwareProductInfo On tblVmwareVcenters.VcenterID =
    tblVmwareProductInfo.VCenterID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tblState On tblState.State = tblAssetCustom.State
Where tblVmwareProductInfo.OsType Like '%linux%' And tblState.Statename =
  'Active'
Order By tblAssets.IPAddress,
  tblAssets.AssetName

 

Audit and Take Action in 3 Easy Steps

Download-Install-Lansweeper

1. Download & Install Lansweeper

Save-and-Run-the-Report

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit

Harness the Power of Reporting