On Wednesday, VMware disclosed that it is working on patches for a privilege escalation vulnerability in vCenter Server.
The vulnerability has been assigned CVE-2021-22048. VMware rates it "important"; its CVSSv3 base score of 7.1 corresponds to "high" severity.
According to VMware's advisory, the flaw is a privilege escalation vulnerability in vCenter Server's Integrated Windows Authentication (IWA) mechanism. "A malicious actor with non-administrative access to vCenter Server might use this flaw to elevate privileges to a more powerful group."
vCenter Server 6.7 and 7.0, as well as Cloud Foundation 3.x and 4.x, are affected. Until patches are available, VMware has published a document describing workaround procedures.
“The workaround for CVE-2021-22048 is to migrate from Integrated Windows Authentication (IWA) to AD over LDAPS authentication/Identity Provider Federation for AD FS (vSphere 7.0 only),” VMware said. Because the flaw requires non-administrative access to vCenter Server, environments that cannot change identity sources yet should at least review and trim who holds such access while they wait for a patch.
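The following triage helper is an added example, not code from VMware or CrowdStrike. It encodes the affected-product list and the workaround options quoted above and applies them to an inventory export, so that a team with many vCenter instances can see which ones are both on an affected version and actually using IWA (only those need the identity-source migration), and which workaround applies (AD FS federation is an option only on the 7.0 train). The inventory format, the identity-source type labels, and the mapping of Cloud Foundation 3.x/4.x to vSphere 6.7/7.0 are assumptions of this example; the sample inventory is constructed, not real systems.

```python
"""Triage helper for CVE-2021-22048 (vCenter Server IWA privilege escalation).

Added example, not VMware's or CrowdStrike's code. Affected products and the
workaround options come from VMware's advisory as reported in the article.
The inventory format and identity-source type labels are assumptions: adapt
the loader to whatever your CMDB or SSO configuration export produces.
"""
from dataclasses import dataclass, field

# Affected (product, version train) pairs per the advisory as reported.
AFFECTED = {
    ("vcenter", "6.7"),
    ("vcenter", "7.0"),
    ("cloud_foundation", "3"),
    ("cloud_foundation", "4"),
}

# Identity-source type labels that mean IWA is in use. These labels are an
# assumption of this example; match them to your own export's vocabulary.
IWA_SOURCE_TYPES = {"ActiveDirectory(IWA)", "IWA"}


@dataclass
class Host:
    name: str
    product: str                 # "vcenter" or "cloud_foundation"
    version: str                 # e.g. "7.0.3", "6.7.0", "4.3.1"
    identity_sources: list = field(default_factory=list)


@dataclass
class Finding:
    name: str
    affected: bool               # on a version the advisory lists
    uses_iwa: bool               # the vulnerable auth mechanism is configured
    workarounds: list            # empty unless both of the above hold


def version_train(host):
    """vCenter is tracked as major.minor (6.7, 7.0); VCF by major (3, 4)."""
    parts = host.version.split(".")
    return ".".join(parts[:2]) if host.product == "vcenter" else parts[0]


def vsphere_train(host):
    """The vSphere train that decides whether the AD FS option is available."""
    if host.product == "vcenter":
        return version_train(host)
    # Assumption: VCF 3.x bundles vSphere 6.7 and VCF 4.x bundles vSphere 7.0.
    return {"3": "6.7", "4": "7.0"}.get(version_train(host))


def is_affected(host):
    return (host.product, version_train(host)) in AFFECTED


def triage(host):
    affected = is_affected(host)
    uses_iwa = any(s in IWA_SOURCE_TYPES for s in host.identity_sources)
    workarounds = []
    if affected and uses_iwa:
        workarounds.append("Migrate the IWA identity source to AD over LDAPS")
        if vsphere_train(host) == "7.0":
            workarounds.append("Or: Identity Provider Federation for AD FS (vSphere 7.0 only)")
    return Finding(host.name, affected, uses_iwa, workarounds)


def triage_inventory(hosts):
    return [triage(h) for h in hosts]


# Constructed sample inventory for the example; not real systems.
SAMPLE = [
    Host("vc-prod-01", "vcenter", "7.0.3", ["ActiveDirectory(IWA)", "localos"]),
    Host("vc-lab-02", "vcenter", "6.7.0", ["ActiveDirectory(IWA)"]),
    Host("vc-dmz-03", "vcenter", "7.0.2", ["ActiveDirectory over LDAPS"]),
    Host("vc-mgmt-04", "vcenter", "6.7.0", ["localos"]),
    Host("vcf-mgmt-05", "cloud_foundation", "4.3.1", ["IWA"]),
]

if __name__ == "__main__":
    for f in triage_inventory(SAMPLE):
        status = "EXPOSED" if f.affected and f.uses_iwa else "ok"
        print(f"{f.name:12} {status:8} {'; '.join(f.workarounds) or '-'}")
```

The distinction the script draws, affected version versus affected version with IWA configured, is the one that matters for planning: only the second group needs the identity-source migration, and only on the 7.0 train is AD FS federation an alternative to AD over LDAPS.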
CrowdStrike’s Yaron Zinar and Sagi Sheinfeld are credited with alerting VMware to the problem.
Although there is no indication that the vulnerability has been exploited in the wild, the fact that VMware disclosed it before a patch was ready, and that it was reported by CrowdStrike, a company that investigates intrusions, could suggest that it has been.
CrowdStrike has been contacted for comment, but the company declined to provide any additional information.
Threat actors have exploited vCenter Server vulnerabilities before, so enterprises should apply patches or workarounds as quickly as feasible. Thousands of vCenter Server instances are reachable from the internet, and a vCenter management interface should not be exposed that way in the first place.