July 14, 2022

High-Severity VMware vCenter Vulnerability

VMware has finally made a patch available for one of the impacted versions of vCenter Server, eight months after revealing a high-severity privilege escalation vulnerability.

The Vulnerability

• CVE-2021-22048, (CVSS 3.1: 7.1, High) – Privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism.
  This vulnerability could be used by a threat actor with non-administrative access to vCenter Server to obtain access to a more privileged group.

Affected Products

•  vCenter Server versions (i.e., 6.5, 6.7, and 7.0)

Mitigation

CYREBRO recommends updating to the last version of VMware vCenter, vCenter 7.0 update 3f in order to mitigate the vulnerability.

Workarounds

A possible workaround for CVE-2021-22048 is to switch to AD over LDAPS authentication OR Identity Provider Federation for AD FS (vSphere 7.0 only) from Integrated Windows Authentication (IWA) as documented in the KB listed in the ‘Workarounds’ column of the ‘Response Matrix’ section in the official advisory.

References: VMWare Advisory