Eight months after a vulnerability in the Integrated Windows Authentication of VMware vCenter Server and Cloud Foundation became known, the manufacturer is providing a software update for one of the affected products. The other products can be secured with a workaround. Attackers could use the vulnerability to increase their privileges.
According to VMware, the vCenter Server contains a vulnerability that allows malicious users with non-administrative access rights to escalate their privileges. The error lies in the authentication mechanism Integrated Windows Authentication (IWA) (CVE-2021-22048, CVSS 7.1, risk "high").
As a countermeasure, IT managers should rely on other authentication mechanisms. AD via LDAPS authentication or Identity Provider Federation for AD FS (only in vSphere 7.0) are safe alternatives.
Affected are VMware vCenter 6.5, 6.7 and 7.0 as well as Cloud Foundation (vCenter Server) 3.x and 4.x. VMware has now released vCenter Server 7.0 U3f, a bug-fixed version with which IWA authentication can be used again. For the other software versions, administrators should rely on the workaround and use other authentication mechanisms until an update is available.
VMware is a common target for cybercriminals. The US cyber security authority CISA recently warned of attacks on VMware security gaps. Administrators should therefore not put off installing updates for VMware products for long.