August 17, 2022

There has lastly been a patch launched by VMware for an affected model of vCenter Server’s IWA mechanism, eight months after a high-severity privilege escalation vulnerability was disclosed.

CrowdStrike Safety’s Yaron Zinar and Sagi Sheinfeld reported the vulnerability and it has been tracked as CVE-2021-22048 on their respective methods. 

It additionally impacts the hybrid cloud platform VMware’s Cloud Basis as properly, together with the IWA mechanism constructed into the vCenter Server.

EHA

An attacker can elevate privileges to the next privileged group by efficiently exploiting this vulnerability on unpatched vCenter Server deployments that don’t require administrative entry as a way to execute malicious code.

Flaw profile

  • CVE ID: CVE-2021-22048
  • CVSS Rating: 7.1
  • Advisory ID: VMSA-2021-0025.2
  • Abstract: The vCenter Server accommodates a privilege escalation vulnerability within the IWA (Built-in Home windows Authentication) authentication mechanism.
  • Situation Date: 2021-11-10
  • Up to date On: 2022-07-12

Merchandise impacted

Right here under we’ve talked about all of the merchandise which can be impacted by this safety flaw:-

  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Basis (Cloud Basis)

This bug has been rated essential by VMware, which implies it’s within the vary of severity for a essential bug. It signifies that the info of a consumer is compromised in a very unreliable method as a consequence of licensed assaults or consumer help, which ends up in an entire compromise of information integrity or confidentiality.

Since there are a number of variations of vCenter Server which can be affected by this vulnerability, that’s why VMware has launched replace 3f for vCenter Server 7.0.

Workaround

Since VMware’s safety advisory was first revealed on November tenth, 2021, eight months in the past, the corporate has supplied a workaround to take away the assault vector.

See also  SOC Analyst Coaching – Cyber Assault Intrusion Evaluation With SIEM Instruments|From Scratch To Superior

VMware’s knowledgebase article claims that if an assault is tried on Built-in Home windows Authentication (IWA), directors are suggested to change to Energetic Listing over LDAPs authentication or Id Supplier Federation for AD FS (vSphere 7.0 solely) as a way to forestall such assaults.

You’ll be able to comply with us on Linkedin, TwitterFb for every day Cybersecurity and hacking information updates.