VMware vCenter Server Vulnerability Audit – October 2023
Security Software VulnerabilityDiscover VMware vCenter Server Installs Vulnerable to CVE-2023-34048
Vmware released a security update for vCenter Server addressing 2 new vulnerabilities, one of which is critical. The most important fix is for an out-of-bounds write vulnerability in the implementation of the DCERPC protocol tracked as CVE-2023-34048, which received a critical CVSS score of 9.8. When successfully exploited the issue could lead to remote code execution. The update also fixes a partial information disclosure vulnerability (CVE-2023-34056) with a CVSS score of 4.3. You can learn more about these security updates in our Vmware vCenter Server Vulnerability Blog.
To help you locate vulnerable vCenter Server deployments, the report below will provide you with an overview of all affected installs that you still need to update. This way you have an actionable list of installs that need your intervention.
Run the VMware vCenter Server Audit Report Now!
VMware vCenter Server Audit Lansweeper On-Prem Query
Select Distinct Top 1000000 tblAssets.AssetID, tblAssets.AssetName, tblAssets.Domain, tsysAssetTypes.AssetTypename As AssetType, tsysAssetTypes.AssetTypeIcon10 As icon, tblAssets.IPAddress, tsysIPLocations.IPLocation, tblAssetCustom.Manufacturer, tblAssetCustom.Model, Coalesce(tblAssets.Version, tblVmwareProductInfo.Version) As Version, Coalesce(tblAssets.BuildNumber, tblVmwareProductInfo.Build) As BuildNumber, tblAssets.Lastseen, tblAssets.Lasttried From tblAssets Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID Left Join tblVmwareVcenters On tblAssets.AssetID = tblVmwareVcenters.AssetID Left Join tblVmwareProductInfo On tblVmwareVcenters.VcenterID = tblVmwareProductInfo.VCenterID Inner Join tblState On tblState.State = tblAssetCustom.State Left Join tsysOS On tsysOS.OScode = tblAssets.OScode Where (tsysAssetTypes.Assettypename = 'VMware vCenter server' And tblVmwareProductInfo.VCenterID Is Not Null And ((tblVmwareProductInfo.Version Like '8.0%' And Cast(tblVmwareProductInfo.Build As bigint) < 22368047) or (tblVmwareProductInfo.Version Like '7.0%' And Cast(tblVmwareProductInfo.Build As bigint) < 22357613) or (tblVmwareProductInfo.Version Like '6.7%' And Cast(tblVmwareProductInfo.Build As bigint) < 22509723) or (tblVmwareProductInfo.Version Like '6.5%' And Cast(tblVmwareProductInfo.Build As bigint) < 22499743)))