VMware vCenter Server File Upload Vulnerability Audit

Find Vulnerable VMware vCenter Servers

VMware just released a security advisory for vCenter Server versions 6.5, 6.7, and 7.0. A total of 19 vulnerabilities have been fixed, including a critical vulnerability (CVE-2021-22005) with a CVSSv3 base score of 9.8. This vulnerability lies in the Analytics service. Any attacker with network access to port 443 on a vCenter Server can exploit it and execute code on the server by uploading a specially crafted file. To read more about the vulnerabilities disclosed, read our vCenter vulnerability blog.

To help you protect your environment, the report below provides an overview of all your VMware vCenter Servers along with their version and build number. It also indicates whether each server is vulnerable. To fix the vulnerability, you'll need to update your vCenter Servers to the latest version released on 21 September 2021.

 

VMware vCenter Server File Upload Vulnerability Query

Select Top 1000000 tblAssets.AssetID,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.AssetName,
tblAssets.IPAddress,
tblAssetCustom.Manufacturer,
tblVmwareProductInfo.Vendor,
tblVmwareProductInfo.OsType,
tblVmwareProductInfo.Version,
tblVmwareProductInfo.Build,
-- A build at or above the threshold for its version branch is marked Safe
Case
When tblVmwareProductInfo.Version Like '6.5%' And
Convert(bigint,tblVmwareProductInfo.Build) >= 18499837 Then 'Safe'
When tblVmwareProductInfo.Version Like '6.7%' And
Convert(bigint,tblVmwareProductInfo.Build) >= 18485166 Then 'Safe'
When tblVmwareProductInfo.Version Like '7.0%' And
Convert(bigint,tblVmwareProductInfo.Build) >= 18455184 Then 'Safe'
Else 'Vulnerable'
End As [Safe/Vulnerable],
Case
-- Report a scanning error only when the latest error actually has text
When tblErrors.ErrorText Is Not Null And
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When tblVmwareProductInfo.Version Like '6.5%' And
Convert(bigint,tblVmwareProductInfo.Build) >= 18499837 Then '#d4f4be'
When tblVmwareProductInfo.Version Like '6.7%' And
Convert(bigint,tblVmwareProductInfo.Build) >= 18485166 Then '#d4f4be'
When tblVmwareProductInfo.Version Like '7.0%' And
Convert(bigint,tblVmwareProductInfo.Build) >= 18455184 Then '#d4f4be'
Else '#ffadad'
End As backgroundcolor
From tblVmwareVcenters
Inner Join tblAssets On tblAssets.AssetID = tblVmwareVcenters.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblVmwareProductInfo On tblVmwareVcenters.VcenterID =
tblVmwareProductInfo.VCenterID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
-- Active assets only, applied to every affected version branch
Where tblState.Statename = 'Active' And
(tblVmwareProductInfo.Version Like '6.5%' Or
tblVmwareProductInfo.Version Like '6.7%' Or
tblVmwareProductInfo.Version Like '7.0%')
Order By tblAssets.IPAddress,
tblAssets.AssetName
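
The fixed-build comparison from the report above, as an added example (not Lansweeper's own report) that runs on constructed sample rows without the Lansweeper database. It keeps the three thresholds in one place and uses Try_Convert so that a missing or non-numeric build is reported as unknown instead of being counted as vulnerable or aborting the query. Assumptions: SQL Server 2012 or later, Build stored as text as the Convert call in the report suggests, and made-up asset names and sample builds.

```sql
-- Added example: thresholds taken from the report, sample rows constructed.
With FixedBuilds As (
  -- First build containing the fix, per version branch
  Select * From (Values
    ('6.5', 18499837),
    ('6.7', 18485166),
    ('7.0', 18455184)
  ) As v (VersionPrefix, FixedBuild)
),
SampleVcenters As (
  -- Constructed test data standing in for tblVmwareProductInfo
  Select * From (Values
    ('vc-a', '6.5.0', '18499837'),  -- exactly the fixed build
    ('vc-b', '6.7.0', '18000000'),  -- below the 6.7 threshold
    ('vc-c', '7.0.2', '19000000'),  -- above the 7.0 threshold
    ('vc-d', '7.0.1', Null),        -- build was never scanned
    ('vc-e', '6.7.0', 'n/a')        -- build is not a number
  ) As s (AssetName, Version, Build)
)
Select s.AssetName,
  s.Version,
  s.Build,
  f.FixedBuild,
  Case
    -- Try_Convert returns Null instead of raising a conversion error
    When Try_Convert(bigint, s.Build) Is Null Then 'Unknown build'
    When Try_Convert(bigint, s.Build) >= f.FixedBuild Then 'Safe'
    Else 'Vulnerable'
  End As [Safe/Vulnerable]
From SampleVcenters s
  Inner Join FixedBuilds f On s.Version Like f.VersionPrefix + '%'
Order By s.AssetName;
```

Rows flagged as unknown need a rescan or a manual check of the build number before they can be treated as patched.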

Audit and Take Action in 3 Easy Steps

1. Download & Install Lansweeper

3. Run the Audit & Take Action
