After the analysis and comparison of the existing vulnerability analysis methods, a new vulnerability model of distributed systems based on reliability theory is proposed. First, it models vulnerabilities of distributed systems from the aspects of security-related factors. Then it utilizes the model checking method to build Vulnerability State Graph (VSG) of distributed systems to depict the complete process of exploitation of vulnerabilities. Finally, it introduces reliability theory to perform analysis and quantitative evaluation of vulnerabilities of distributed systems, which provides a theoretical evidence for security enhancement.