VMware vCenter Server is advanced server management software that provides a centralised platform for controlling your VMware vSphere environments, allowing you to automate and deliver a virtual infrastructure across the hybrid cloud with confidence.
This privilege escalation vulnerability in VMware vCenter Server was reported to VMware by Yaron Zinar and Sagi Sheinfeld of CrowdStrike.
Present Issue
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.
Impacted Products
The following products are impacted. Workarounds are available to remediate this vulnerability in the affected VMware products.
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
Known Attack Vectors
A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
Note: There is currently no resolution for this issue. However, a workaround is available and is covered in this guide.
Impact / Risks
Active Directory over LDAPS does not understand domain trusts, so customers that switch to this method will have to configure a unique identity source for each of their trusted domains. Identity Provider Federation for AD FS does not have this restriction. Here is the original blog post.
Workarounds
The workaround for CVE-2021-22048 is to switch from Integrated Windows Authentication (IWA) to AD over LDAPS authentication or Identity Provider Federation for AD FS (vSphere 7.0 only), as documented in the KB listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.
Active Directory over LDAP authentication is not impacted by this vulnerability. However, VMware strongly recommends that customers plan to move to another authentication method. The VMware blog posted here has more details on this.
Response Matrix
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| vCenter Server | 7.0 | Any | CVE-2021-22048 | 7.1 | Important | 7.0 U3f | KB86292 | None |
| vCenter Server | 6.7 | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 | None |
| vCenter Server | 6.5 | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 | None |
VMware Cloud Foundation provides a ubiquitous hybrid cloud platform for both traditional enterprise and modern applications. Based on a proven and comprehensive software-defined stack including VMware vSphere with VMware Tanzu, VMware vSAN, VMware NSX-T Data Center, and VMware vRealize Suite, VMware Cloud Foundation provides a complete set of software-defined services for compute, storage, network, container, and cloud management. The result is an agile, reliable, efficient cloud infrastructure that offers consistent operations across private and public clouds.
Impacted Product Suites that Deploy Response Matrix Components
Below is a response matrix addressing the Cloud Foundation Vulnerability.
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 | None |
| Cloud Foundation (vCenter Server) | 3.x | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 | None |