Privilege Escalation Vulnerability in vCenter Server by VMware
CVE-2021-22048

8.8HIGH

Key Information:

Vendor

Vmware
Status
Vmware Vcenter Server And Vmware Cloud Foundation
Vendor
CVE Published:
10 November 2021

What is CVE-2021-22048?

A vulnerability exists in VMware's vCenter Server through the Integrated Windows Authentication (IWA) mechanism. This flaw allows a malicious actor who has non-administrative access to exploit the system and elevate their privileges, potentially granting access to more sensitive areas of the server. Organizations using vCenter Server should be aware of this vulnerability and implement the necessary upgrades or patches to mitigate potential risks. Regular audits and monitoring can aid in identifying any unauthorized access attempts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

VMware vCenter Server and VMware Cloud Foundation VMware vCenter Server(7.0 and 6.7) and VMware Cloud Foundation (4.x and 3.x)

References

https://www.vmware.com/security/advisories/VMSA-2021-0025...
x_refsource_MISC
http://packetstormsecurity.com/files/167733/VMware-Securi...
x_refsource_MISC
http://packetstormsecurity.com/files/167795/VMware-Securi...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.