VMware announced it’s working on security patches to address an important severity privilege escalation vulnerability, tracked as CVE-2021-22048, in its vCenter Server.
vCenter Server is the centralized management utility for VMware and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location.
The flaw resides in the IWA (Integrated Windows Authentication) authentication mechanism, it received a CVSS score of 7.1. The vulnerability was privately reported to the virtualization giant by Yaron Zinar and Sagi Sheinfeld from CrowdStrike.
“The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism.” reads the security advisory published by the company. “A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.”
The flaw impacts vCenter 6.7 and 7.0, as well as Cloud Foundation 3.x and 4.x.
Waiting for security patches from the vendor, customers could apply workarounds provided in the advisory.
“Workaround for CVE-2021-22048 is to switch to AD over LDAPS authentication/Identity Provider Federation for AD FS (vSphere 7.0 only) from Integrated Windows Authentication (IWA) as documented in the KB listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.” concludes the advisory.
It is likely that VMware disclosed the issue before the release of security patches because it is actively exploited by threat actors in the wild.
(SecurityAffairs – hacking, VMware)