• Home
  • |
  • Blog
  • |
  • How To Fix CVE-2021-22048- IWA Privilege Escalation Vulnerability In VMware vCenter Server
How to Fix CVE-2021-22048- IWA privilege escalation vulnerability in VMware vCenter Server

The VCenter Server recently disclosed a high severity privilege escalation vulnerability in the Integrated Windows Authentication (IWA) mechanism known as CVE-2021-22048. A threat actor can exploit this vulnerability using non-administrative access to vCenter Server and use a loophole to elevate privileges to a higher privilege group. Since the vulnerability allows attackers to escalate privilege escalation, it’s critical to learn how to fix CVE-2021-22048, IWA Privilege Escalation Vulnerability in VMware VCenter.

VMware vCenter Server

VMware vCenter Server is an advanced server management tool providing a centralized platform to control vSphere environments for visibility across hybrid clouds. It gives deep visibility into the configuration of critical components of a virtual infrastructure from a single unit. 

Virtual environments are easier to manage using a vCenter Server as a single administrator can manage multiple workloads and increase productivity. Moreover, it can allocate and optimize resources for increased efficiency. 

Summary Of CVE-2021-22048

IWA Privilege Escalation Vulnerability in VMware vCenter was reported to VMware, allowing threat actors with non-administrative access to the vCenter Server to exploit this vulnerability and elevate privileges to a higher-privileged group. 

Associated CVE IDCVE-2021-22048
DescriptionPrivilege Escalation Vulnerability in VMware vCenter
Associated ZDI ID
CVSS Score8.8 High
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score5.9
Exploitability Score2.8
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PRLow
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
Availability (a)High

VMware vCenter Server Versions Affected By CVE-2021-22048

Here are the products affected by CVE-2021-22018-IWA Privilege Escalation Vulnerability in VMware vCenter.

  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Foundation (Cloud Foundation)

How To Fix CVE-2021-22048- IWA Privilege Escalation Vulnerability In VMware vCenter?

VMware has investigated that the exploitation possibility can be eliminated by performing the workaround steps discussed below. The workaround needs to change the SSO identity configuration from IWA to one of the following options. 

  • Active Directory over LDAP authentication
  • Identity Provider Federation for AD FS 

Active Directory over the LDAP authentication is not affected by the CVE-2021-22048. However, it does not understand domain trusts, so users switching to this method must configure a unique identity resource for all the trusted domains. Identity Provider Federation for AD FS doesn’t have this limitation.

  • Visit this guide for switching to Active Directory over LDAPs.
  • Visit this guide for switching to Identity Provider Federation for AD FS.

How To Upgrade VMware vCenter Server?

Here are the steps you can follow to update VMware vCenter Server Appliance.

  1. Log in to the vCenter Server Application Management Interface as root.
  2. Click on the ‘Update‘ tab after going to the dashboard screen.
  3. Make sure that you check the ‘Check Updates‘ button from the CD ROM+URL.
  4. Select the target update of the vCenter. 
  5. Click ‘Stage and Install‘ and then read and accept the end user license agreement.
  6. A system pre-check confirms that all the patches can be installed successfully with the information.
  7. Sign in again using the vSphere SSO Administrator password.
  8. Make sure to back up the vCenter Server Appliance before clicking ‘Finish.’
  9. Patching will start, and it gets finished when a popup ‘Installation Succeeded‘ appears.

We hope this post will help you know how to fix CVE-2021-22048, IWA Privilege Escalation Vulnerability in VMware VCenter. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this. 

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.