VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)

VMware finally released a patch, eight months after disclosing the high-severity vulnerability in VMware vCenter Server's Integrated Windows Authentication (IWA) mechanism (tracked as CVE-2021-22048).

On the CVSS vulnerability severity scale it is rated 8.8 and affects vCenter Server versions 6.5, 6.7, and 7.0. It also affects VMware's Cloud Foundation hybrid cloud platform deployments.

"A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group," said VMware in the security advisory.

This vulnerability can be exploited in high-complexity attacks that require only low privileges and no user interaction, launched from the same logical or physical network on which the targeted server is located.

Remediation

VMware recommends that users update vCenter Server or apply the published workarounds. Organizations are advised to apply the related security updates or workarounds as soon as possible to mitigate the risk of exploitation.