CVE-2021-22048: VMware vCenter Server updates address a privilege escalation vulnerability
VMware vCenter Server is advanced server management software that provides a centralized platform for controlling your VMware vSphere environments. It allows you to automate and deliver a virtual infrastructure across the hybrid cloud with confidence. With VMware Center, you gain centralized visibility, simplified and efficient management at scale, and extensibility across the hybrid cloud from a single console. Here are some related articles: Boot failure: How to fix EFI network timeout on VMware Workstation,. And how to solve VMware workstation .lck error. This article will show you how to resolve CVE-2021-22048: VMware vCenter Server updates address a privilege escalation vulnerability.
The following vulnerability was reported by Yaron Zinar and Sagi Sheinfeld of Crowdstrike to Vmware. The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism.
VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1. Please see Differences between vSphere and ESXi and vCenter.
Impacted Products
The following solutions below are affected.
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
Please here are some exciting articles: VMware vCenter Server and Cloud Foundation: Workaround for CVE2021-22048, vCenter Server File Upload Vulnerability [CRITICAL], vCenter Converter removed from available downloads on VMware use Veeam, how to enable Exploit Protection on Windows using Windows, and CVE-2022-22948. Patch available to address vCenter Server information disclosure vulnerability.
What Exploit Does this Vulnerability Present?
A malicious actor with non-administrative access to the vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
Workarounds to resolve CVE-2021-22048: VMware vCenter Server updates address a privilege escalation vulnerability
There are currently no updates (patches) to mitigate this vulnerability. But here is the workaround for CVE-2021-22048: switch to AD over LDAPS authentication.
OR Identity Provider Federation for AD FS (vSphere 7.0 or later) from Integrated Windows Authentication (IWA) as documented in the KB listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| vCenter Server | 8.0 | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 | None |
| vCenter Server | 7.0 | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending [1] | KB86292 | KB89027 [1] |
| vCenter Server | 6.7 | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 | None |
| vCenter Server | 6.5 | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 | None |
Impacted Product Suites that Deploy Response Matrix Components:
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2021-22048 | 7.1 | Important | Patch pending | KB86292 | None |
| Cloud Foundation (vCenter Server) | 3.x | Any | CVE-2021-22048 | 7.1 | Important | Patch Pending | KB86292 | None |
Note: VMware has determined that vCenter 7.0u3f updates previously mentioned in the response matrix do not remediate CVE-2021-22048. It may introduce a functional issue for customers using IWA. Please review KB89027 for more information.
I hope you found this short piece on “CVE-2021-22048: VMware vCenter Server updates address a privilege escalation vulnerability” useful. If you have any questions, please let me know in the comment session.
