CVE-2021-22048: VMware vCenter Server Privilege Escalation Vulnerability
On November 10, 2021, VMware published a security advisory for a privilege escalation vulnerability in vCenter Server, tracked as CVE-2021-22048. The issue is rated high severity, with a CVSSv3 base score of 7.1.
VMware vCenter Server is the centralized management platform for VMware vSphere environments. It provides a scalable and extensible foundation for virtualization management and gives IT administrators central control over the virtual environment.
Vulnerability Detail
vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. An attacker who already holds non-administrative access to vCenter Server can exploit this issue to elevate their privileges to a higher privileged group. Only deployments that use IWA as an SSO identity source are exposed; the attacker needs a valid low-privileged account, not administrator credentials.
Affected version
- vCenter Server 6.7
- vCenter Server 7.0
- Cloud Foundation 3.x & 4.x
Solution
At the time of the advisory no patch was available, so VMware published workaround instructions for CVE-2021-22048 instead. We recommend that users apply the workaround promptly.
The workaround switches the SSO identity source configuration from Integrated Windows Authentication (IWA) to one of the following options:
1) Active Directory over LDAPS authentication
2) Identity Provider Federation for AD FS (vSphere 7.0 only)
After switching, verify that no IWA identity source remains configured. Note that AD over LDAPS requires vCenter to trust the domain controller's LDAPS certificate chain, so the certificate must be available when the new identity source is created.
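The following Python script is an added example, not VMware's code or part of the original advisory. It audits a hand-written description of the configured SSO identity sources against the workaround above: an IWA source is flagged as vulnerable, an AD over LDAP source is checked for a plaintext `ldap://` URL, a non-LDAPS port, or a missing CA certificate, and an AD FS source is accepted only on vSphere 7.0. The input format (dicts with `type`, `primary_url`, `secondary_url`, `ca_cert_pem`, `vsphere_version`) is an assumption for illustration; vCenter exposes this information in the vSphere Client under Administration > Single Sign On > Configuration > Identity Sources, not as this JSON. The sample sources at the bottom are constructed.

```python
"""Audit SSO identity sources for the CVE-2021-22048 workaround.

Added example (not VMware's code). The identity-source description format is
assumed; copy the values from the vSphere Client by hand.
"""
from __future__ import annotations

import socket
import ssl
from urllib.parse import urlparse

# LDAPS on a domain controller (636) or Global Catalog over TLS (3269)
LDAPS_PORTS = {636, 3269}


def audit_identity_source(src: dict) -> list[str]:
    """Return a list of findings; an empty list means the source is acceptable."""
    findings: list[str] = []
    kind = str(src.get("type", "")).upper()

    if kind == "IWA":
        # The vulnerable mechanism: still exposed until it is removed.
        findings.append("IWA identity source still configured; vulnerable to CVE-2021-22048")
        return findings

    if kind == "ADFS":
        # Identity Provider Federation for AD FS is only an option on vSphere 7.0.
        if not str(src.get("vsphere_version", "")).startswith("7."):
            findings.append("AD FS federation is only supported on vSphere 7.0")
        return findings

    if kind == "AD_LDAP":
        for key in ("primary_url", "secondary_url"):
            url = src.get(key)
            if not url:
                continue
            u = urlparse(url)
            if u.scheme != "ldaps":
                findings.append(f"{key} uses {u.scheme}://, which is plaintext LDAP; use ldaps://")
            port = u.port or (636 if u.scheme == "ldaps" else 389)
            if port not in LDAPS_PORTS:
                findings.append(f"{key} port {port} is not an LDAPS port (636 or 3269)")
        if not src.get("ca_cert_pem"):
            findings.append("no CA certificate supplied; vCenter cannot validate the DC's LDAPS certificate")
        return findings

    findings.append(f"unknown identity source type {kind!r}")
    return findings


def check_ldaps_endpoint(url: str, ca_cert_pem: str, timeout: float = 5.0) -> str:
    """Live check (needs network): open TLS to the LDAPS URL, verify the chain against
    ca_cert_pem and the hostname, and return the negotiated TLS version.
    Raises ssl.SSLError / OSError if the DC's certificate is not trusted or unreachable."""
    u = urlparse(url)
    if u.scheme != "ldaps":
        raise ValueError("only ldaps:// URLs are checked")
    ctx = ssl.create_default_context(cadata=ca_cert_pem)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((u.hostname, u.port or 636), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=u.hostname) as tls:
            return tls.version()


# Constructed sample sources (hypothetical domain corp.example).
WEAK_SOURCE = {"type": "IWA", "domain": "corp.example"}
FIXED_SOURCE = {
    "type": "AD_LDAP",
    "primary_url": "ldaps://dc01.corp.example:636",
    "secondary_url": "ldaps://dc02.corp.example",
    "base_dn_users": "DC=corp,DC=example",
    "ca_cert_pem": "-----BEGIN CERTIFICATE-----\n...constructed placeholder...\n-----END CERTIFICATE-----\n",
}

if __name__ == "__main__":
    for name, src in (("weak", WEAK_SOURCE), ("fixed", FIXED_SOURCE)):
        print(name, audit_identity_source(src) or "OK")
```

`audit_identity_source` is purely offline and is what to run against every identity source after the migration; `check_ldaps_endpoint` is the optional live test of the domain controller's certificate, which should succeed with the same PEM you import into vCenter and fail (raise) with the wrong CA.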