Vulnerability Description
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | Cloud Foundation | >= 3.0, <= 3.10.2.2 |
| VMware | vCenter Server | 6.5 |
References
- http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2 (Release Notes, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3 (Release Notes, Third Party Advisory, VDB Entry)
- https://www.vmware.com/security/advisories/VMSA-2021-0025.html (Patch, Vendor Advisory)
FAQ
What is CVE-2021-22048?
CVE-2021-22048 is a vulnerability with a CVSS score of 8.8 (HIGH). The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Se...
How severe is CVE-2021-22048?
CVE-2021-22048 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-22048?
Check the references section above for vendor advisories and patch information. Affected products include: VMware Cloud Foundation, VMware vCenter Server.