Proxmox/Hyper-V/VMware Security | Vulnerability Scans and Assessment

CVE-2021-22048: VMware vCenter Server updates address a privilege escalation vulnerability

vcenter_sign_on

VMware vCenter Server is advanced server management software that provides a centralized platform for controlling your VMware vSphere environments, allowing you to automate and deliver a virtual infrastructure across the hybrid cloud with confidence. With VMware Center, you gain centralized visibility, simplified and efficient management at scale, and extensibility across the hybrid cloud from a single console. Here are some related articles: Boot failure: How to fix EFI network timeout on VMware Workstation, and How to solve VMware workstation .lck error.

The following vulnerability was reported by Yaron Zinar and Sagi Sheinfeld of Crowdstrike to Vmware. The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

Impacted Products

The following solutions below are affected.

  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Foundation (Cloud Foundation)

What Exploit does this Vulnerability Present?

A malicious actor with non-administrative access to the vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

Workarounds

There are currently no updates (patches) to mitigate this vulnerability. But here is the workaround for CVE-2021-22048 is to switch to AD over LDAPS authentication OR Identity Provider Federation for AD FS (vSphere 7.0 or later) from Integrated Windows Authentication (IWA) as documented in the KB listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
vCenter Server8.0AnyCVE-2021-220487.1Important Patch PendingKB86292None
vCenter Server7.0AnyCVE-2021-220487.1Important Patch Pending [1]KB86292KB89027 [1]
vCenter Server6.7AnyCVE-2021-220487.1Important Patch PendingKB86292None
vCenter Server6.5AnyCVE-2021-220487.1Important Patch PendingKB86292None

Impacted Product Suites that Deploy Response Matrix Components:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
Cloud Foundation (vCenter Server)4.xAnyCVE-2021-220487.1Important Patch pendingKB86292None
Cloud Foundation (vCenter Server)3.xAnyCVE-2021-220487.1Important Patch PendingKB86292None

Note: VMware has determined that vCenter 7.0u3f updates previously mentioned in the response matrix do not remediate CVE-2021-22048 and may introduce a functional issue for customers using IWA. Please review KB89027 for more information.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x