April 1, 2023

VMware informed that it’s working on security patches to address an important severity privilege escalation vulnerability, tracked as CVE-2021-22048, in its VCenter Server.

VCenter Server is the centralized management utility for VMware and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. The flaw resides in the IWA (Integrated Windows Authentication) authentication mechanism, it received a CVSS score of 7.1.

The VCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

The flaw impacts VCenter 6.7 and 7.0, as well as Cloud Foundation 3.x and 4.x.

“Workaround for CVE-2021-22048 is to switch to AD over LDAPS authentication/Identity Provider Federation for AD FS (vSphere 7.0 only) from Integrated Windows Authentication (IWA) as documented in the KB listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.” concludes the advisory.

It is likely that VMware disclosed the issue before the release of security patches because it is actively exploited by threat actors in the wild.


Response Matrix

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkarounds
vCenter Server7AnyCVE-2021-220487.1ImportantPatch pendingKB86292
vCenter Server6.7AnyCVE-2021-220487.1ImportantPatch PendingKB86292

Impacted Product Suites that Deploy Response Matrix Components:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkarounds
Cloud Foundation (vCenter Server)4.xAnyCVE-2021-220487.1ImportantPatch pendingKB86292
Cloud Foundation (vCenter Server)3.xAnyCVE-2021-220487.1ImportantPatch PendingKB86292

Leave a Reply

%d bloggers like this: