VMware vCenter Server and Cloud Foundation: Workaround for CVE-2021-22048 Privilege Escalation Vulnerability

VMware vCenter Server is an advanced server management software that provides a centralized platform for controlling vSphere environments for visibility across hybrid clouds. ain centralized visibility, simplified and efficient management at scale, and extensibility across the hybrid cloud all from a single console. VMware vCenter Server is advanced server management software that provides a centralized platform for controlling your VMware vSphere environments, allowing you to automate and deliver a virtual infrastructure across the hybrid cloud with confidence. A privilege escalation vulnerability in the VMware Center Server was privately reported to VMware. Workarounds are available to remediate this vulnerability in the affected VMware products.

The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1. VMware expresses thanks to Yaron Zinar and Sagi Sheinfeld of Crowdstrike for reporting this vulnerability. Here are some related VMware guides: How to create and delete a snapshot on VMware Workstation, how to extend a VM’s Hard Disk on VMware Workstation, and how to install Windows Server 2022 on VMware Workstation.

Present Issue

Impacted Products

The following products are impacted. Workarounds are available to remediate this vulnerability in the affected VMware products.

• VMware vCenter Server (vCenter Server)
• VMware Cloud Foundation (Cloud Foundation)

Known Attack Vectors

A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

Note: There is currently no solution (resolution) for this issue at the moment. But there is currently a workaround which has been addressed in this guide.

Impact / Risks

Active Directory over LDAPs does not understand domain trusts, so customers that switch to this method will have to configure a unique identity source for each of their trusted domains. Identity Provider Federation for AD FS does not have this restriction

Workarounds

Workaround for CVE-2021-22048 is to switch to AD over LDAPS authentication OR Identity Provider Federation for AD FS (vSphere 7.0 only) from Integrated Windows Authentication (IWA) as documented in the KB listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.

Active Directory over LDAP authentication is not impacted by this vulnerability. However, VMware strongly recommends that customers plan to move to another authentication method, The VMware blog posted here has more details on this. 

Response Matrix

VMware Cloud Foundation provides a ubiquitous hybrid cloud platform for both traditional enterprise and modern applications. Based on a proven and comprehensive software-defined stack including VMware vSphere with VMware Tanzu, VMware vSAN, VMware NSX-T Data Center, and VMware vRealize Suite. VMware Cloud Foundation provides a complete set of software-defined services for compute, storage, network, container, and cloud management. The result is an agile, reliable, efficient cloud infrastructure that offers consistent operations across private and public clouds.

Impacted Product Suites that Deploy Response Matrix Components

Below is a response matrix addressing the Cloud Foundation Vulnerability.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.