VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048 (CVSSv3 base score of 7.1.), in vCenter Server ‘s IWA (Integrated Windows Authentication) mechanism after eight months since its disclosure.
The vulnerability can be exploited by an attacker with non-administrative access to vulnerable vCenter Server deployments to elevate privileges to a higher privileged group.
“The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism.” reads the advisory published by the company. “A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.”
The CVE-2021-22048 flaw affects multiple vCenter Server versions, including 6.5, 6.7, and 7.0. VMware addressed the flaw with the release of vCenter Server 7.0 Update 3fm which only addresses the vulnerability for servers running the latest release.
The company provided a workaround for this issue, suggesting switching to AD over LDAPS authentication OR Identity Provider Federation for AD FS (vSphere 7.0 only) from Integrated Windows Authentication (IWA).
The CVE-2021-22048 flaw was reported by CrowdStrike researchers Yaron Zinar and Sagi Sheinfeld on November 10th, 2021.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, privilege escalation)
[adrotate banner=”5″]
[adrotate banner=”13″]
A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Samsung MagicINFO 9 Server vulnerability to its…
Signal implements new screen security on Windows 11, blocking screenshots by default to protect user…
Microsoft found 394,000 Windows systems talking to Lumma stealer controllers, a victim pool that included…
CISA warns Russia-linked group APT28 is targeting Western logistics and tech firms aiding Ukraine, posing…
Cellcom, a regional wireless carrier based in Wisconsin (US), announced that a cyberattack is the…
This website uses cookies.