Security | Vulnerability Scans and Assessment Virtualization

CVE-2021-22048: VMware vCenter Server updates address a privilege escalation vulnerability


VMware vCenter Server is advanced server management software that provides a centralized platform for controlling your VMware vSphere environments, allowing you to automate and deliver a virtual infrastructure across the hybrid cloud with confidence. With VMware Center, you gain centralized visibility, simplified and efficient management at scale, and extensibility across the hybrid cloud from a single console. Here are some related articles: Boot failure: How to fix EFI network timeout on VMware Workstation, and How to solve VMware workstation .lck error. This article will show you how to resolve CVE-2021-22048: VMware vCenter Server updates address a privilege escalation vulnerability.

The following vulnerability was reported by Yaron Zinar and Sagi Sheinfeld of Crowdstrike to Vmware. The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

Impacted Products

The following solutions below are affected.

  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Foundation (Cloud Foundation)

Please here are some exciting articles: VMware vCenter Server and Cloud Foundation: Workaround for CVE2021-22048, vCenter Server File Upload Vulnerability [CRITICAL], vCenter Converter removed from available downloads on VMware use Veeam, how to enable Exploit Protection on Windows using Windows, and CVE-2022-22948. Patch available to address vCenter Server information disclosure vulnerability.

What Exploit Does this Vulnerability Present?

A malicious actor with non-administrative access to the vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

Workarounds to resolve CVE-2021-22048: VMware vCenter Server updates address a privilege escalation vulnerability

There are currently no updates (patches) to mitigate this vulnerability. But here is the workaround for CVE-2021-22048 is to switch to AD over LDAPS authentication OR Identity Provider Federation for AD FS (vSphere 7.0 or later) from Integrated Windows Authentication (IWA) as documented in the KB listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
vCenter Server8.0AnyCVE-2021-220487.1Important Patch PendingKB86292None
vCenter Server7.0AnyCVE-2021-220487.1Important Patch Pending [1]KB86292KB89027 [1]
vCenter Server6.7AnyCVE-2021-220487.1Important Patch PendingKB86292None
vCenter Server6.5AnyCVE-2021-220487.1Important Patch PendingKB86292None

Impacted Product Suites that Deploy Response Matrix Components:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
Cloud Foundation (vCenter Server)4.xAnyCVE-2021-220487.1Important Patch pendingKB86292None
Cloud Foundation (vCenter Server)3.xAnyCVE-2021-220487.1Important Patch PendingKB86292None

Note: VMware has determined that vCenter 7.0u3f updates previously mentioned in the response matrix do not remediate CVE-2021-22048 and may introduce a functional issue for customers using IWA. Please review KB89027 for more information.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x