VMware announced it’s working on security patches to address an important severity privilege escalation vulnerability, tracked as CVE-2021-22048, in its vCenter Server.
vCenter Server is the centralized management utility for VMware and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location.
The flaw resides in the IWA (Integrated Windows Authentication) authentication mechanism, it received a CVSS score of 7.1. The vulnerability was privately reported to the virtualization giant by Yaron Zinar and Sagi Sheinfeld from CrowdStrike.
“The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism.” reads the security advisory published by the company. “A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.”
The flaw impacts vCenter 6.7 and 7.0, as well as Cloud Foundation 3.x and 4.x.
Waiting for security patches from the vendor, customers could apply workarounds provided in the advisory.
“Workaround for CVE-2021-22048 is to switch to AD over LDAPS authentication/Identity Provider Federation for AD FS (vSphere 7.0 only) from Integrated Windows Authentication (IWA) as documented in the KB listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.” concludes the advisory.
It is likely that VMware disclosed the issue before the release of security patches because it is actively exploited by threat actors in the wild.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, VMware)
[adrotate banner=”5″]
[adrotate banner=”13″]
A former U.S. NSA employee has been sentenced to nearly 22 years in prison for…
A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest…
A flaw in the R programming language enables the execution of arbitrary code when parsing…
The China-linked threat actors Muddling Meerkat are manipulating DNS to probe networks globally since 2019.…
Finnish hacker was sentenced to more than six years in prison for hacking into an…
The US government’s cybersecurity agency CISA published a series of guidelines to protect critical infrastructure…
This website uses cookies.