Discover VMware vCenter Server Installs Vulnerable to CVE-2023-20892
Vmware released a security update for vCenter Server in response to 5 new vulnerabilities. 4 of these vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, and CVE-2023-20895) received an ‘important’ severity rating (CVSSv3 8.1) and could lead to arbitrary code execution and bypass authentication. You can learn more about these security updates in our Vmware vCenter Server Vulnerability Blog.
To help you locate vulnerable vCenter Server deployments, the report below will provide you with an overview of all affected installs that you still need to update. This way you have an actionable list of installs that need your intervention.
VMware vCenter Server Vulnerability Audit Lansweeper On-Prem Query
Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
Coalesce(tblAssets.Version, tblVmwareProductInfo.Version) As Version,
Coalesce(tblAssets.BuildNumber, tblVmwareProductInfo.Build) As BuildNumber,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Left Join tblVmwareVcenters On tblAssets.AssetID = tblVmwareVcenters.AssetID
Left Join tblVmwareProductInfo On tblVmwareVcenters.VcenterID =
tblVmwareProductInfo.VCenterID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where
(tsysAssetTypes.Assettypename = 'VMware vCenter server' And
tblVmwareProductInfo.VCenterID Is Not Null And
((tblVmwareProductInfo.Version Like '8.0%'
And Cast(tblVmwareProductInfo.Build As bigint) < 21860503)
or
(tblVmwareProductInfo.Version Like '7.0%'
And Cast(tblVmwareProductInfo.Build As bigint) < 21784236)))