VMware vCenter Server and ESXi Vulnerability Audit

Discover Vulnerable VMware vCenter Server and ESXi Installations

VMware has released security updates for vCenter Server and ESXi addressing the vulnerabilities tracked as CVE-2022-31680 (affecting vCenter Server version 6.5) and CVE-2022-31681 (affecting ESXi versions 6.5, 6.7, and 7.0). The vulnerabilities received CVSSv3 base scores of 7.2 and 3.8 respectively. The more severe vulnerability, affecting vCenter Server, is a deserialization vulnerability in the PSC. Succesful exploitation could allow an attacker to execute arbitrary code on the underlying operating system that hosts the vCenter Server.

You can read more about the vulnerabilities in the VMware Vulnerability blog post.

VMware vCenter Server and ESXi Vulnerability Query

Select Distinct Top 1000000 tblAssets.AssetID,
tsysAssetTypes.AssetTypename As AssetType,
tsysAssetTypes.AssetTypeIcon10 As icon,
Coalesce(tblAssets.Version, tblVmwareProductInfo.Version) As Version,
Coalesce(tblAssets.BuildNumber, tblVmwareProductInfo.Build) As BuildNumber,
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
Left Join tblVmwareVcenters On tblAssets.AssetID = tblVmwareVcenters.AssetID
Left Join tblVmwareProductInfo On tblVmwareVcenters.VcenterID =
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where (tsysAssetTypes.Assettypename = 'ESXi server' And
((tblAssets.Version Like '6.5%' And Cast(tblAssets.BuildNumber As bigint) <
20502893) Or (tblAssets.Version Like '6.7%' And
Cast(tblAssets.BuildNumber As bigint) < 20497097) Or
(tblAssets.Version Like '7.0%' And Cast(tblAssets.BuildNumber As bigint) <
20036589))) Or
(tsysAssetTypes.Assettypename = 'VMware vCenter server' And
tblVmwareProductInfo.VCenterID Is Not Null And
tblVmwareProductInfo.Version Like '6.5%' And Cast(tblVmwareProductInfo.Build
As bigint) < 20510539)

Audit and Take Action in 3 Easy Steps


1. Download & Install Lansweeper


3. Run the Audit & Take Action

Download Lansweeper to Run this Audit