
VMware vCenter Server Privilege Escalation Vulnerability

November 21, 2021

Severity: Critical

VMware has investigated and confirmed possible exploits that a malicious attacker can perform using a “privileged account escalation” method.

Issue / Vulnerability

A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

VMware's workaround requires that the SSO (Single Sign-On) identity source configuration be switched from Integrated Windows Authentication (IWA) to one of the options below.

  1. Active Directory over LDAPS authentication
  2. Identity Provider Federation for AD FS (vSphere 7.0 only)

VMware announced this on their Security Solutions Advisory as:

VMSA-2021-0025.1: VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)

Who Is Affected?

Impacted Products are as follows:

  • VMware vCenter Server (vCenter Server)
    • vCenter Server 7.0
    • vCenter Server 6.7
    • vCenter Server 6.5
  • VMware Cloud Foundation (Cloud Foundation)
    • Cloud Foundation (vCenter Server) 4.x
    • Cloud Foundation (vCenter Server) 3.x

Remediation / Action Plan

There is currently no resolution; a patch is not yet available.

VMware suggests implementing the workaround described above under Issue / Vulnerability.

Contact Cornerstone.IT — We are here to assist you.