VMware has issued a security fix for a VMware vCenter Server IWA privilege escalation vulnerability.
The vCenter Server contains a privilege escalation vulnerability (CVE-2021-22048) in the IWA (Integrated Windows Authentication) mechanism. VMware has rated the flaw Important, with a CVSSv3 base score of 7.1.
“A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group,” VMware stated in the advisory.
Admins can also apply a workaround by switching from IWA to AD over LDAPS authentication, or to Identity Provider Federation for AD FS (vSphere 7.0 only).
Impacted products include VMware vCenter Server and VMware Cloud Foundation.
It is also important to limit the internet exposure of vCenter servers and to quickly patch any that are internet-facing. As revealed earlier this year, multiple proof-of-concepts (PoCs) were posted online for exploits against vulnerable internet-facing VMware vCenter servers.
- VMware patches Critical vCenter Server vulnerability (CVE-2021-22005) exploited in the wild
- VMware patches High risk vulnerability (CVE-2021-22002) in Workspace ONE Access and Identity Manager
- Babuk ransomware: Soon to be targeting VMware and *nix systems?
- Thousands of unpatched VMware vCenter servers exposed on the internet