Discover Vulnerable VMware vCenter Server and ESXi Installations
VMware has released security updates for vCenter Server and ESXi addressing the vulnerabilities tracked as CVE-2022-31680 (affecting vCenter Server version 6.5) and CVE-2022-31681 (affecting ESXi versions 6.5, 6.7, and 7.0). The vulnerabilities received CVSSv3 base scores of 7.2 and 3.8 respectively. The more severe vulnerability, affecting vCenter Server, is a deserialization vulnerability in the PSC. Succesful exploitation could allow an attacker to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
You can read more about the vulnerabilities in the VMware Vulnerability blog post.
VMware vCenter Server and ESXi Vulnerability Query
Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
Coalesce(tblAssets.Version, tblVmwareProductInfo.Version) As Version,
Coalesce(tblAssets.BuildNumber, tblVmwareProductInfo.Build) As BuildNumber,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Left Join tblVmwareVcenters On tblAssets.AssetID = tblVmwareVcenters.AssetID
Left Join tblVmwareProductInfo On tblVmwareVcenters.VcenterID =
tblVmwareProductInfo.VCenterID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where (tsysAssetTypes.Assettypename = 'ESXi server' And
((tblAssets.Version Like '6.5%' And Cast(tblAssets.BuildNumber As bigint) <
20502893) Or (tblAssets.Version Like '6.7%' And
Cast(tblAssets.BuildNumber As bigint) < 20497097) Or
(tblAssets.Version Like '7.0%' And Cast(tblAssets.BuildNumber As bigint) <
20036589))) Or
(tsysAssetTypes.Assettypename = 'VMware vCenter server' And
tblVmwareProductInfo.VCenterID Is Not Null And
tblVmwareProductInfo.Version Like '6.5%' And Cast(tblVmwareProductInfo.Build
As bigint) < 20510539)
