VMware vCenter Server vSAN Plugin Vulnerability Audit

Find Vulnerable VMware vCenter Servers

VMware just released a security advisory for Center Server versions 6.5, 6.7, and 7.0. Multiple vulnerabilities have been fixed which pose a severe threat. The most severe vulnerability CVE-2021-21985, with a CVSSv3 score of 9.8 lies within the vSAN plugin. Even if you do not use vSAN, the plugin is enabled by default meaning you are at risk regardless. Read our VMware vulnerability blog to get more details.

To help you protect your environment, the report below provides an overview of all your VMware vCenter Servers along with their version and build number. Additionally, it also indicated whether a specific server is vulnerable or not. To fix the vulnerability, you'll need to update your vCenter Servers to the latest version released 25 May 2021.

 

VMware vCenter Server vSAN Plugin Vulnerability Query

Select Top 1000000 tblAssets.AssetID,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.AssetName,
tblAssets.IPAddress,
tblAssetCustom.Manufacturer,
tblVmwareProductInfo.Vendor,
tblVmwareProductInfo.OsType,
tblVmwareProductInfo.Version,
tblVmwareProductInfo.Build,
Case
When tblVmwareProductInfo.Version Like '6.5%' And
Convert(bigint,tblVmwareProductInfo.Build) >= 17994927 Then 'Safe'
When tblVmwareProductInfo.Version Like '6.7%' And
Convert(bigint,tblVmwareProductInfo.Build) >= 18010531 Then 'Safe'
When tblVmwareProductInfo.Version Like '7.0%' And
Convert(bigint,tblVmwareProductInfo.Build) >= 17958471 Then 'Safe'
Else 'Vulnerable'
End As [Safe/Vulnerable],
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When tblVmwareProductInfo.Version Like '6.5%' And
Convert(bigint,tblVmwareProductInfo.Build) >= 17994927 Then '#d4f4be'
When tblVmwareProductInfo.Version Like '6.7%' And
Convert(bigint,tblVmwareProductInfo.Build) >= 18010531 Then '#d4f4be'
When tblVmwareProductInfo.Version Like '7.0%' And
Convert(bigint,tblVmwareProductInfo.Build) >= 17958471 Then '#d4f4be'
Else '#ffadad'
End As backgroundcolor
From tblVmwareVcenters
Inner Join tblAssets On tblAssets.AssetID = tblVmwareVcenters.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblVmwareProductInfo On tblVmwareVcenters.VcenterID =
tblVmwareProductInfo.VCenterID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where (tblVmwareProductInfo.Version Like '6.5%' And tblState.Statename =
'Active') Or
(tblVmwareProductInfo.Version Like '6.7%') Or
(tblVmwareProductInfo.Version Like '7.0%')
Order By tblAssets.IPAddress,
tblAssets.AssetName

Audit and Take Action in 3 Easy Steps

1. Download & Install Lansweeper

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit