Privilege Escalation Exploit in VMWare VCenter Server
Share this:
VMware informed that it’s working on security patches to address an important severity privilege escalation vulnerability, tracked as CVE-2021-22048, in its VCenter Server.
VCenter Server is the centralized management utility for VMware and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. The flaw resides in the IWA (Integrated Windows Authentication) authentication mechanism, it received a CVSS score of 7.1.
The VCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
The flaw impacts VCenter 6.7 and 7.0, as well as Cloud Foundation 3.x and 4.x.
“Workaround for CVE-2021-22048 is to switch to AD over LDAPS authentication/Identity Provider Federation for AD FS (vSphere 7.0 only) from Integrated Windows Authentication (IWA) as documented in the KB listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.” concludes the advisory.
It is likely that VMware disclosed the issue before the release of security patches because it is actively exploited by threat actors in the wild.
Response Matrix
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds |
| vCenter Server | 7 | Any | CVE-2021-22048 | 7.1 | Important | Patch pending | KB86292 |
| vCenter Server | 6.7 | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 |
Impacted Product Suites that Deploy Response Matrix Components:
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds |
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2021-22048 | 7.1 | Important | Patch pending | KB86292 |
| Cloud Foundation (vCenter Server) | 3.x | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 |
