CVE-2021-22048: VMSA-2021-0025.2
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
Advisory ID: VMSA-2021-0025.2
CVSSv3 Range: 7.1
Issue Date: 2021-11-10
Updated On: 2022-07-12
CVE(s): CVE-2021-22048
Synopsis: VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)
1. Impacted Products
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)
2. Introduction
A privilege escalation vulnerability in VMware vCenter Server was privately reported to VMware. Workarounds are available to remediate this vulnerability in the affected VMware products.
3. VMware vCenter Server IWA privilege escalation vulnerability (CVE-2021-22048)
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.
A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
The workaround for CVE-2021-22048 is to switch from Integrated Windows Authentication (IWA) to AD over LDAPS authentication, or to Identity Provider Federation for AD FS (vSphere 7.0 only), as documented in the KB listed in the 'Workarounds' column of the 'Response Matrix' below.
VMware would like to thank Yaron Zinar and Sagi Sheinfeld of Crowdstrike for reporting this issue to us.
Response Matrix:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| vCenter Server | 7.0 | Any | CVE-2021-22048 | 7.1 | important | 7.0 U3f | KB86292 | None |
| vCenter Server | 6.7 | Any | CVE-2021-22048 | 7.1 | important | Patch Pending | KB86292 | None |
| vCenter Server | 6.5 | Any | CVE-2021-22048 | 7.1 | important | Patch Pending | KB86292 | None |
Impacted Product Suites that Deploy Response Matrix Components:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2021-22048 | 7.1 | important | Patch Pending | KB86292 | None |
| Cloud Foundation (vCenter Server) | 3.x | Any | CVE-2021-22048 | 7.1 | important | Patch Pending | KB86292 | None |
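The advisory's exposure condition is a configuration, not a code path: a vCenter Server from one of the listed lines whose SSO identity source is IWA. The following inventory check is an added example written for this page, not VMware's code or a KB86292 script. It assumes an inventory shape (hostname, version string, list of identity sources with a kind label and LDAP URLs) that you would assemble from your own SSO identity-source exports; the kind labels are this script's own, not SSO API values. It deliberately treats no build as fixed, because the related-news entry on this page for VMSA-2021-0025.3 states that the 7.0 U3f update listed in the Response Matrix does not remediate the issue, so every listed line is assessed purely on whether the documented workaround is in place.

```python
"""Fleet check for CVE-2021-22048 exposure as described in VMSA-2021-0025.

Added example for this advisory; not VMware's code.  The inventory format is
an assumption.  The logic encodes only what the advisory states: vCenter
Server 7.0, 6.7 and 6.5 are in the Response Matrix, the exposed configuration
is an IWA identity source, and the documented workaround (KB86292) is AD over
LDAPS, or Identity Provider Federation for AD FS on vSphere 7.0 only.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Identity-source kinds used by this script (labels are assumptions, not SSO API values).
IWA = "IWA"          # Active Directory (Integrated Windows Authentication)
AD_LDAP = "AD_LDAP"  # Active Directory over LDAP / LDAPS
ADFS = "ADFS"        # Identity Provider Federation for AD FS
LOCAL = "LOCAL"      # vsphere.local / localos

# vCenter Server lines listed in the advisory's Response Matrix.
AFFECTED_LINES = {"7.0", "6.7", "6.5"}


@dataclass
class IdentitySource:
    name: str
    kind: str
    ldap_urls: Tuple[str, ...] = ()  # only meaningful for AD_LDAP sources


@dataclass
class VCenter:
    hostname: str
    version: str  # full version string, e.g. "7.0.3"
    sources: List[IdentitySource] = field(default_factory=list)


def product_line(version: str) -> str:
    """Map a full version string such as "6.7.0" to the Response Matrix line "6.7"."""
    return ".".join(version.split(".")[:2])


def workaround_options(version: str) -> List[str]:
    """Workarounds the advisory documents for this product line (see KB86292)."""
    options = ["switch the identity source to AD over LDAPS"]
    if product_line(version) == "7.0":
        options.append("switch to Identity Provider Federation for AD FS (vSphere 7.0 only)")
    return options


def assess(vc: VCenter) -> Dict:
    """Report whether this vCenter still relies on IWA and which workarounds apply."""
    line = product_line(vc.version)
    in_matrix = line in AFFECTED_LINES
    iwa_sources = [s.name for s in vc.sources if s.kind == IWA]
    # The workaround is AD over LDAPS; an AD over LDAP source that still points
    # at plain ldap:// URLs does not meet it, so it is reported separately.
    ldap_without_tls = [
        s.name for s in vc.sources
        if s.kind == AD_LDAP and any(not u.lower().startswith("ldaps://") for u in s.ldap_urls)
    ]
    exposed = in_matrix and bool(iwa_sources)
    return {
        "hostname": vc.hostname,
        "product_line": line,
        "in_response_matrix": in_matrix,
        "exposed": exposed,
        "iwa_sources": iwa_sources,
        "ldap_without_tls": ldap_without_tls,
        "workarounds": workaround_options(vc.version) if exposed else [],
    }


def assess_fleet(fleet: List[VCenter]) -> List[Dict]:
    return [assess(vc) for vc in fleet]


# Constructed sample inventory (hostnames and domains are placeholders, not real hosts).
SAMPLE_FLEET = [
    VCenter("vcsa-prod.example.test", "7.0.3", [
        IdentitySource("vsphere.local", LOCAL),
        IdentitySource("corp.example.test", IWA),
    ]),
    VCenter("vcsa-lab.example.test", "6.7.0", [
        IdentitySource("vsphere.local", LOCAL),
        IdentitySource("corp.example.test", AD_LDAP, ("ldap://dc1.corp.example.test:389",)),
    ]),
    VCenter("vcsa-dr.example.test", "6.5.0", [
        IdentitySource("vsphere.local", LOCAL),
        IdentitySource("corp.example.test", AD_LDAP, ("ldaps://dc1.corp.example.test:636",)),
    ]),
]

if __name__ == "__main__":
    for report in assess_fleet(SAMPLE_FLEET):
        status = "EXPOSED (IWA in use)" if report["exposed"] else "ok"
        print(f"{report['hostname']:26} {report['product_line']:4} {status}")
        for w in report["workarounds"]:
            print(f"    workaround: {w}")
        for name in report["ldap_without_tls"]:
            print(f"    note: AD over LDAP source '{name}' uses ldap:// rather than ldaps://")
```

Run against the constructed fleet, the 7.0 host is reported as exposed with both documented workaround options, the 6.7 host is not exposed but is flagged because its AD over LDAP source still uses ldap://, and the 6.5 host with an ldaps:// source is clean.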
4. References
Fixed Version(s) and Release Notes:
5. Change Log
2021-11-10 VMSA-2021-0025
Initial security advisory.
2021-11-15 VMSA-2021-0025.1
Added vCenter Server 6.5 in the Response Matrix.
2022-07-12 VMSA-2021-0025.2
Added fixed version of vCenter Server 7.0 in the Response Matrix.
6. Contact
Related news
VMware Security Advisory 2021-0025.3 - VMware has determined that vCenter 7.0u3f updates previously mentioned in the response matrix do not remediate CVE-2021-22048 and introduced a functional issue.
VMware Security Advisory 2022-0025.2 - VMware vCenter Server updates address a privilege escalation vulnerability.