Thursday, April 3, 2025
Follow us On Linkedin
HomeCVE/vulnerabilityVMware vCenter Server Flaw Let Attacker Exploit to Perform Elevate Privileges Attack

VMware vCenter Server Flaw Let Attacker Exploit to Perform Elevate Privileges Attack

CVE/vulnerabilitycyber securityUncategorized

Published on

By Priya James
VMware vCenter Server Flaw Let Attacker Exploit to Perform Elevate Privileges Attack

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

There has finally been a patch released by VMware for an affected version of vCenter Server’s IWA mechanism, eight months after a high-severity privilege escalation vulnerability was disclosed.

CrowdStrike Security’s Yaron Zinar and Sagi Sheinfeld reported the vulnerability and it has been tracked as CVE-2021-22048 on their respective systems. 

It also affects the hybrid cloud platform VMware’s Cloud Foundation as well, along with the IWA mechanism built into the vCenter Server.

An attacker can elevate privileges to a higher privileged group by successfully exploiting this vulnerability on unpatched vCenter Server deployments that do not require administrative access in order to execute malicious code.

Flaw profile

  • CVE ID: CVE-2021-22048
  • CVSS Score: 7.1
  • Advisory ID: VMSA-2021-0025.2
  • Summary: The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism.
  • Issue Date: 2021-11-10
  • Updated On: 2022-07-12

Products impacted

Here below we have mentioned all the products that are impacted by this security flaw:-

  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Foundation (Cloud Foundation)

This bug has been rated critical by VMware, which means it is in the range of severity for a critical bug. It means that the data of a user is compromised in a completely unreliable way due to authorized attacks or user assistance, which leads to a complete compromise of data integrity or confidentiality.

Since there are multiple versions of vCenter Server that are affected by this vulnerability, that’s why VMware has released update 3f for vCenter Server 7.0.

Workaround

Since VMware’s security advisory was first published on November 10th, 2021, eight months ago, the company has provided a workaround to remove the attack vector.

VMware’s knowledgebase article claims that if an attack is attempted on Integrated Windows Authentication (IWA), administrators are advised to switch to Active Directory over LDAPs authentication or Identity Provider Federation for AD FS (vSphere 7.0 only) in order to prevent such attacks.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Priya James
Priya James

Latest articles

Cyber Security News

Hackers Selling SnowDog RAT Malware With Remote Control Capabilities Online

A sophisticated remote access trojan (RAT) dubbed SnowDog has surfaced on underground cybercrime forums, prompting alarms...
Cyber Security News

Authorities Shut Down Kidflix Child Abuse Platform in Major Takedown

In one of the most significant operations against child sexual exploitation in recent history,...
Cyber Security News

Massive GitHub Leak: 39M API Keys & Credentials Exposed – How to Strengthen Security

Over 39 million API keys, credentials, and other sensitive secrets were exposed on GitHub...
Cyber Security News

GoResolver: A Powerful New Tool for Analyzing Golang Malware

Analyzing malware has become increasingly challenging, especially with the growing popularity of programming languages...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

CVE/vulnerability

Cisco Smart Licensing Utility Flaws Allowed Attackers to Gain Admin Access

Cisco has disclosed critical vulnerabilities in its Smart Licensing Utility software, identified as CVE-2024-20439...
CVE/vulnerability

Verizon Call Filter App Vulnerability Exposed Call Log Data of Customers

A vulnerability in Verizon's Call Filter app for iOS has been discovered, allowing unauthorized...
cyber security

Hackers Use DeepSeek and Remote Desktop Apps to Deploy TookPS Malware

A recent investigation by cybersecurity researchers has uncovered a large-scale malware campaign leveraging the...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved