Privilege Escalation Vulnerability in vCenter Server by VMware
CVE-2021-22048

8.8 HIGH

Key Information:

Vendor
VMware
CVE Published:
10 November 2021

Summary

A privilege escalation vulnerability exists in the Integrated Windows Authentication (IWA) mechanism of VMware vCenter Server. A malicious actor with non-administrative access can exploit this flaw to elevate their privileges, potentially gaining access to more sensitive areas of the server. Organizations using vCenter Server should apply the necessary upgrades or patches to mitigate the risk. Regular audits and monitoring can help identify unauthorized access attempts.

Affected Version(s)

VMware vCenter Server and VMware Cloud Foundation: VMware vCenter Server (7.0 and 6.7) and VMware Cloud Foundation (4.x and 3.x)

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
