Multiple VMware Software Vulnerabilities Audit
Find Vulnerable VMware Software Tools, VMRC, App Volumes and Carbon Black App Control Installations
VMware released two new security advisories regarding its software tools. CVE-2021-21999, a local privilege escalation vulnerability, affects VMware Tools, VMRC and VMware App Volumes. The vulnerability has a CVSSv3 base score of 7.8. The second vulnerability is more critical, with a CVSSv3 base score of 9.4, so it is important to update your Carbon Black App Control installation as soon as possible. Tracked as CVE-2021-21998, the Carbon Black App Control vulnerability is an authentication bypass in the VMware Carbon Black App Control management server.
To secure your network, it is important that you update affected VMware software as soon as possible. With the audit below you can check if machines within your network are using any of the vulnerable software versions mentioned in the VMware advisories. The audit checks if the versions of the tools meet the minimum fixed versions listed in the VMware advisories.
VMware Software Vulnerability Query
Select Distinct Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  subquery1.[Carbon Black App Control (VMSA-2021-0012)],
  subquery2.[VMware Tools (VMSA-2021-0013)],
  subquery3.[VMware Remote Console(VMSA-2021-0013)],
  subquery4.[App Volumes (VMSA-2021-0013)],
  Case
    When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != ''
      Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
    Else ''
  End As ScanningErrors,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  -- Row colour: red when any product column is not 'Safe', green otherwise
  Case
    When subquery1.[Carbon Black App Control (VMSA-2021-0012)] <> 'Safe' Then '#ffadad'
    When subquery2.[VMware Tools (VMSA-2021-0013)] <> 'Safe' Then '#ffadad'
    When subquery3.[VMware Remote Console(VMSA-2021-0013)] <> 'Safe' Then '#ffadad'
    When subquery4.[App Volumes (VMSA-2021-0013)] <> 'Safe' Then '#ffadad'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Inner Join tblState On tblState.State = tblAssetCustom.State
  -- Most recent scanning error per asset
  Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
      Max(tblErrors.Teller) As ErrorID
    From tblErrors
    Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID = ScanningError.ID
  Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
  Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType
  -- Carbon Black App Control: 8.6.x is safe from 8.6.2, 8.5.x from 8.5.8;
  -- every 8.1.x and 8.0.x is flagged. ParseName(v, 4) is the first component
  -- of a four-part version string.
  Left Join (Select Top 1000000 tblAssets.AssetID,
      Case
        When tblSoftwareUni.softwareName Like '%Carbon Black%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) > 8 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%Carbon Black%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 8
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) > 6 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%Carbon Black%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 8
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 6
          And Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) > 1 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%Carbon Black%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 8
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 6
          And Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) Between 0 And 1 Then 'Vulnerable'
        When tblSoftwareUni.softwareName Like '%Carbon Black%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 8
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 5
          And Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) > 7 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%Carbon Black%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 8
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 5
          And Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) Between 0 And 7 Then 'Vulnerable'
        When tblSoftwareUni.softwareName Like '%Carbon Black%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 8
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 1 Then 'Vulnerable'
        When tblSoftwareUni.softwareName Like '%Carbon Black%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 8
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 0 Then 'Vulnerable'
        When tblSoftwareUni.softwareName Like '%Carbon Black%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          Then 'Safe'
      End As [Carbon Black App Control (VMSA-2021-0012)]
    From tblAssets
      Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
      Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
    Where tblSoftwareUni.softwareName Like '%Carbon Black%'
      And tblSoftwareUni.SoftwarePublisher Like '%VMware%') As subquery1 On subquery1.AssetID = tblAssets.AssetID
  -- VMware Tools: safe from 11.2.6; anything else is flagged
  Left Join (Select Top 1000000 tblAssets.AssetID,
      Case
        When tblSoftwareUni.softwareName Like '%VMware Tools%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) > 11 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%VMware Tools%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 11
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) > 2 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%VMware Tools%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 11
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 2
          And Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) >= 6 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%VMware Tools%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          Then 'Vulnerable'
      End As [VMware Tools (VMSA-2021-0013)]
    From tblAssets
      Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
      Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
    Where tblSoftwareUni.softwareName Like '%VMware Tools%'
      And tblSoftwareUni.SoftwarePublisher Like '%VMware%') As subquery2 On subquery2.AssetID = tblAssets.AssetID
  -- VMware Remote Console (three-part versions): only 12.x below 12.0.1 is flagged
  Left Join (Select Top 1000000 tblAssets.AssetID,
      Case
        When tblSoftwareUni.softwareName Like '%Remote console%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) <> 12 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%Remote console%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 12
          And Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) > 0 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%Remote console%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 12
          And Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 0
          And Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) >= 1 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%Remote console%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          Then 'Vulnerable'
      End As [VMware Remote Console(VMSA-2021-0013)]
    From tblAssets
      Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
      Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
    Where tblSoftwareUni.softwareName Like '%Remote console%'
      And tblSoftwareUni.softwareName Not Like '%plug%'
      And tblSoftwareUni.SoftwarePublisher Like '%VMware%') As subquery3 On subquery3.AssetID = tblAssets.AssetID
  -- App Volumes: 4.x is safe from 4.4.1.4, 3.x is treated as safe,
  -- 2.x (three-part versions) is safe from 2.18.10
  Left Join (Select Top 1000000 tblAssets.AssetID,
      Case
        When tblSoftwareUni.softwareName Like '%App Volumes%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) > 4 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%App Volumes%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 4
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) > 4 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%App Volumes%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 4
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 4
          And Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) > 1 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%App Volumes%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 4) As bigint) = 4
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 4
          And Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 1
          And Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) >= 4 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%App Volumes%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And tblSoftware.softwareVersion Like '3%' Then 'Safe'
        When tblSoftwareUni.softwareName Like '%App Volumes%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 2
          And Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) > 18 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%App Volumes%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          And Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 2
          And Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 18
          And Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) >= 10 Then 'Safe'
        When tblSoftwareUni.softwareName Like '%App Volumes%' And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
          Then 'Vulnerable'
      End As [App Volumes (VMSA-2021-0013)]
    From tblAssets
      Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
      Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
    Where tblSoftwareUni.softwareName Like '%App Volumes%'
      And tblSoftwareUni.SoftwarePublisher Like '%VMware%') As subquery4 On subquery4.AssetID = tblAssets.AssetID
-- Active Windows assets that have at least one of the four products installed
Where tsysAssetTypes.AssetTypename = 'Windows'
  And tblState.Statename = 'Active'
  And (tblSoftwareUni.softwareName Like '%Carbon Black%'
    Or tblSoftwareUni.softwareName Like '%VMware Tools%'
    Or tblSoftwareUni.softwareName Like '%Remote console%'
    Or tblSoftwareUni.softwareName Like '%App Volumes%')
  And tblSoftwareUni.softwareName Not Like '%plug%'
  And tblSoftwareUni.SoftwarePublisher Like '%VMware%'
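The version checks above rely on ParseName, which returns NULL when a version string has fewer parts than the position requested, and on Cast, which raises a conversion error on a non-numeric part. The following added example (not part of the original report) classifies constructed sample rows against the VMware Tools 11.2.6 threshold used above and reports rows it cannot parse as 'Unparsed' instead of letting them fall into a default branch. The table variable, asset names, sample versions and the 'Unparsed' label are assumptions, and TRY_CAST requires SQL Server 2012 or later.

```sql
-- Constructed sample rows; not taken from a real inventory.
DECLARE @Installed TABLE (AssetName nvarchar(50), softwareVersion nvarchar(50));

INSERT INTO @Installed (AssetName, softwareVersion) VALUES
    (N'SRV-A', N'11.2.6.100'),   -- at the minimum fixed version
    (N'SRV-B', N'11.2.5.100'),   -- one patch level below it
    (N'SRV-C', N'11.10.0.100'),  -- 10 > 2 as a number, although '10' < '2' as text
    (N'SRV-D', N'11.2.5'),       -- three parts only: ParseName(v, 4) is NULL
    (N'SRV-E', N'11.2.x.1');     -- non-numeric part: Cast would fail, TRY_CAST gives NULL

SELECT i.AssetName,
       i.softwareVersion,
       CASE
           -- Surface version strings that could not be parsed
           WHEN v.Major IS NULL OR v.Minor IS NULL OR v.Patch IS NULL THEN 'Unparsed'
           WHEN v.Major > 11
             OR (v.Major = 11 AND v.Minor > 2)
             OR (v.Major = 11 AND v.Minor = 2 AND v.Patch >= 6) THEN 'Safe'
           ELSE 'Vulnerable'
       END AS [VMware Tools (VMSA-2021-0013)]
FROM @Installed AS i
CROSS APPLY (
    -- Split the version once per row and convert each part numerically
    SELECT TRY_CAST(PARSENAME(i.softwareVersion, 4) AS bigint) AS Major,
           TRY_CAST(PARSENAME(i.softwareVersion, 3) AS bigint) AS Minor,
           TRY_CAST(PARSENAME(i.softwareVersion, 2) AS bigint) AS Patch
) AS v
ORDER BY i.AssetName;
```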