Last Year’s Vulnerability in VMware vCenter Server Is Still Unpatched

Vulnerability in VMware vCenter Server
Written by Emma Davis

VMware has warned customers that the latest version of vCenter Server 8.0 is still awaiting a fix for a privilege escalation vulnerability that was discovered in November 2021.

CrowdStrike found the issue, tracked as CVE-2021-22048, in the IWA (Integrated Windows Authentication) mechanism of vCenter Server. It also affects the VMware Cloud Foundation hybrid cloud platform. Attackers with non-administrative access can use this bug to elevate their privileges.

We also wrote earlier that an RCE vulnerability in VMware vCenter had already been used in attacks.

Troy Mursch

Bad Packets specialist Troy Mursch told Bleeping Computer that the attacks recorded by the company’s honeypots used code based on an incomplete exploit published by Vietnamese security researcher Yang.

VMware states that the vulnerability can only be exploited by attackers on a network adjacent to the target server, and that the complexity of such an attack would be extremely high. The vulnerability description in NIST NVD, however, says that the problem can be exploited remotely and rates the attack complexity as low.

Initially, the developers released patches for this problem in July 2022, which fixed the vulnerability only for servers running vCenter Server 7.0 Update 3f, the latest version available at that time. However, the fix was withdrawn after 11 days, since it turned out that it did not completely eliminate the bug, and the Secure Token Service (vmware-stsd) crashed during installation of the update.

While this means there are still no patches, VMware is offering a workaround that allows administrators to protect themselves from this attack vector. To block attack attempts, VMware recommends switching from IWA to Active Directory over LDAP authentication, or to Identity Provider Federation for AD FS (vSphere 7.0 only).

“Workaround for CVE-2021-22048 is to switch to AD over LDAPS authentication OR Identity Provider Federation for AD FS (vSphere 7.0 or later) from Integrated Windows Authentication (IWA),” VMware experts write.

About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing at Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
