VMware Security Advisory VMSA-2021-0025
Published: Nov 10, 2021
Source: www.vmware.com

VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)

EPSS: 0.003 (Low), 66.3rd percentile

1. Impacted Products
  • VMware vCenter Server (vCenter Server)

  • VMware Cloud Foundation (Cloud Foundation)

2. Introduction

A privilege escalation vulnerability in VMware vCenter Server was privately reported to VMware. Workarounds are available to remediate this vulnerability in the affected VMware products.

3. VMware vCenter Server IWA privilege escalation vulnerability (CVE-2021-22048)

Description

vCenter Server contains a privilege escalation vulnerability in its IWA (Integrated Windows Authentication) identity-source mechanism. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

Known Attack Vectors

A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

Resolution

None.

Workarounds

The workaround for CVE-2021-22048 is to switch the vCenter Server identity source from Integrated Windows Authentication (IWA) to either AD over LDAPS authentication or Identity Provider Federation for AD FS (vSphere 7.0 only), as documented in the KB listed in the 'Workarounds' column of the advisory's 'Response Matrix'.
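The following audit script is an added example and is not VMware's code or part of this advisory. It checks an inventory of vCenter SSO identity sources against the workaround above: any source still configured as IWA is flagged as exposed to CVE-2021-22048, and an "AD over LDAP" source is flagged if any of its server URLs is plain ldap:// rather than ldaps://, or if no CA certificate is pinned for the LDAPS connection. The inventory format (the IdentitySource dataclass and the sample_inventory() data) is constructed for this example; how you collect the real list from an appliance (for instance from the VCSA's sso-config.sh utility, whose output format is not assumed here) is up to you.

```python
"""Audit vCenter SSO identity sources for the CVE-2021-22048 workaround.

Added example, not VMware code. The inventory format below is an
assumption made for this script; adapt the loader to however you
export identity sources from your own vCenter.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Identity-source kinds as the advisory names them (string labels are ours).
IWA = "Active Directory (Integrated Windows Authentication)"
AD_LDAPS = "Active Directory over LDAP"
ADFS = "Identity Provider Federation for AD FS"


@dataclass
class IdentitySource:
    name: str                      # identity-source name shown in the SSO admin UI
    kind: str                      # one of IWA, AD_LDAPS, ADFS
    urls: list = field(default_factory=list)   # primary/secondary server URLs
    ca_cert_pinned: bool = False   # a CA cert was uploaded for LDAPS validation


def audit(sources):
    """Return a list of (source_name, finding) tuples; an empty list is clean."""
    findings = []
    for src in sources:
        if src.kind == IWA:
            # IWA is the affected mechanism; the workaround is to move off it.
            findings.append((src.name,
                             "IWA identity source still enabled: affected by "
                             "CVE-2021-22048; migrate to AD over LDAPS or AD FS"))
        elif src.kind == AD_LDAPS:
            for url in src.urls:
                if urlsplit(url).scheme != "ldaps":
                    # Plain LDAP is not the workaround and sends credentials
                    # and directory traffic unencrypted.
                    findings.append((src.name,
                                     f"{url}: not LDAPS; the workaround calls for "
                                     "AD over LDAPS, not plain LDAP"))
            if not src.ca_cert_pinned:
                # Without a pinned CA the LDAPS server identity is unverified.
                findings.append((src.name,
                                 "LDAPS source without a pinned CA certificate: "
                                 "server identity is not validated"))
        # ADFS federation is one of the two accepted targets; nothing to flag.
    return findings


def sample_inventory():
    """Constructed sample data for demonstration; not taken from a real system."""
    return [
        IdentitySource("corp.example", IWA),
        IdentitySource("corp-ldap", AD_LDAPS, ["ldap://dc1.corp.example:389"]),
        IdentitySource("corp-ldaps", AD_LDAPS,
                       ["ldaps://dc1.corp.example:636", "ldaps://dc2.corp.example"],
                       ca_cert_pinned=True),
        IdentitySource("corp-adfs", ADFS),
    ]


if __name__ == "__main__":
    for name, finding in audit(sample_inventory()):
        print(f"[{name}] {finding}")
```

Run against the constructed inventory, the script reports the IWA source once and the plain-LDAP source twice (non-LDAPS URL and missing CA certificate); the correctly configured LDAPS source and the AD FS federation source produce no findings.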

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Yaron Zinar and Sagi Sheinfeld of Crowdstrike for reporting this issue to us.
