VMware vCenter Server is advanced server management software that provides a centralized platform for controlling VMware vSphere environments, allowing you to automate and deliver a virtual infrastructure across the hybrid cloud with confidence. With vCenter, you gain centralized visibility, simplified and efficient management at scale, and extensibility across the hybrid cloud from a single console. Here is the link to my blogpost.
The following vulnerability was reported to VMware by Yaron Zinar and Sagi Sheinfeld of CrowdStrike. vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) mechanism. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.
Impacted Products
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
What Exploit does this Vulnerability Present?
A malicious actor with non-administrative access to the vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
Workarounds
There are currently no updates (patches) that remediate this vulnerability. The workaround for CVE-2021-22048 is to switch from Integrated Windows Authentication (IWA) to AD over LDAPS authentication, or to Identity Provider Federation for AD FS (vSphere 7.0 or later), as documented in the KB listed in the 'Workarounds' column of the 'Response Matrix' below.
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| vCenter Server | 8.0 | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 | None |
| vCenter Server | 7.0 | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending [1] | KB86292 | KB89027 [1] |
| vCenter Server | 6.7 | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 | None |
| vCenter Server | 6.5 | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 | None |
Impacted Product Suites that Deploy Response Matrix Components:
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 | None |
| Cloud Foundation (vCenter Server) | 3.x | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 | None |
[1] Note: VMware has determined that the vCenter 7.0u3f updates previously mentioned in the response matrix do not remediate CVE-2021-22048 and may introduce a functional issue for customers using IWA. Please review KB89027 for more information.