The VCenter Server recently disclosed a high severity privilege escalation vulnerability in the Integrated Windows Authentication (IWA) mechanism known as CVE-2021-22048. A threat actor can exploit this vulnerability using non-administrative access to vCenter Server and use a loophole to elevate privileges to a higher privilege group. Since the vulnerability allows attackers to escalate privilege escalation, it’s critical to learn how to fix CVE-2021-22048, IWA Privilege Escalation Vulnerability in VMware VCenter.
VMware vCenter Server
VMware vCenter Server is an advanced server management tool providing a centralized platform to control vSphere environments for visibility across hybrid clouds. It gives deep visibility into the configuration of critical components of a virtual infrastructure from a single unit.
Virtual environments are easier to manage using a vCenter Server as a single administrator can manage multiple workloads and increase productivity. Moreover, it can allocate and optimize resources for increased efficiency.
Summary Of CVE-2021-22048
IWA Privilege Escalation Vulnerability in VMware vCenter was reported to VMware, allowing threat actors with non-administrative access to the vCenter Server to exploit this vulnerability and elevate privileges to a higher-privileged group.
|Associated CVE ID||CVE-2021-22048|
|Description||Privilege Escalation Vulnerability in VMware vCenter|
|Associated ZDI ID||–|
|CVSS Score||8.8 High|
|Attack Vector (AV)||Network|
|Attack Complexity (AC)||Low|
|Privilege Required (PR||Low|
|User Interaction (UI)||None|
VMware vCenter Server Versions Affected By CVE-2021-22048
Here are the products affected by CVE-2021-22018-IWA Privilege Escalation Vulnerability in VMware vCenter.
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
How To Fix CVE-2021-22048- IWA Privilege Escalation Vulnerability In VMware vCenter?
VMware has investigated that the exploitation possibility can be eliminated by performing the workaround steps discussed below. The workaround needs to change the SSO identity configuration from IWA to one of the following options.
- Active Directory over LDAP authentication
- Identity Provider Federation for AD FS
Active Directory over the LDAP authentication is not affected by the CVE-2021-22048. However, it does not understand domain trusts, so users switching to this method must configure a unique identity resource for all the trusted domains. Identity Provider Federation for AD FS doesn’t have this limitation.
- Visit this guide for switching to Active Directory over LDAPs.
- Visit this guide for switching to Identity Provider Federation for AD FS.
How To Upgrade VMware vCenter Server?
Here are the steps you can follow to update VMware vCenter Server Appliance.
- Log in to the vCenter Server Application Management Interface as root.
- Click on the ‘Update‘ tab after going to the dashboard screen.
- Make sure that you check the ‘Check Updates‘ button from the CD ROM+URL.
- Select the target update of the vCenter.
- Click ‘Stage and Install‘ and then read and accept the end user license agreement.
- A system pre-check confirms that all the patches can be installed successfully with the information.
- Sign in again using the vSphere SSO Administrator password.
- Make sure to back up the vCenter Server Appliance before clicking ‘Finish.’
- Patching will start, and it gets finished when a popup ‘Installation Succeeded‘ appears.
We hope this post would help you know how to fix CVE-2021-22048, IWA Privilege Escalation Vulnerability in VMware VCenter. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.