I scanned my ESXi 6.0.0 build 5572656, VMware ESX(i) Detection (HTTP) report show a correct build number, but follow vulnerability report show a result with build number like “n”:
There was indeed a problem with the build extraction for ESXi. This has been fixed today and the changes should arrive in the feeds in the next couple of days.
This looks like expected. The build number is provided by ESXi via the queried API endpoint, you can check that by having a look at the “Concluded from version/product identification result:” output of the following VT:
If the HTTP Detection-VT is showing the correct build then i don’t see any way how the Vulnerability-VT can show a different build. If we’re checking the gb_vmware_esx_web_detect.nasl VT we can see the following around line 127:
The only real explanation for a discrepancy in the build between the HTTP Detection-VT and the Vulnerability-VT could be that the Detection is happening via SNMP (in addition to the Detection via HTTP) with the following VT and ESXi is reporting a wrong / older build number via SNMP:
If this is really the case then i don’t think that there is much what can be done about that if the ESXi is reporting a wrong / outdated build via SNMP.
VMware ESX(i) Detection (HTTP) result is correct from the beginning, and the Vulnerability result changed from “n” when I updated.
I cann’t find any build number from other Detection-VT, and SNMP service is stopped.
But I started SNMP service and rescanned, and a few server passed Vulnerability-VT.
That’s weird.