
VMware has yet to fix CVE-2021-22048 flaw in vCenter Server disclosed one year ago



VMware has yet to address the CVE-2021-22048 privilege escalation vulnerability in vCenter Server disclosed in November 2021.

VMware warns customers that it has yet to address a high-severity privilege escalation vulnerability, tracked as CVE-2021-22048, in the vCenter Server.

The flaw was disclosed in November 2021; it resides in the vCenter Server's IWA (Integrated Windows Authentication) mechanism.

The vulnerability can be exploited by an attacker with non-administrative access to vulnerable vCenter Server deployments to elevate privileges to a higher privileged group.


“The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism.” reads the advisory published by the company. “A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.”

The CVE-2021-22048 flaw was reported by CrowdStrike researchers Yaron Zinar and Sagi Sheinfeld on November 10th, 2021.

In July 2022, VMware addressed the CVE-2021-22048 vulnerability for the latest available release at the time (vCenter Server 7.0 Update 3f). Unfortunately, the security patches released by the company did not fix the issue and caused the Secure Token Service to crash, triggering an exception in postInstallHook.

The security patches were rolled back because of this issue.

“VMware has determined that vCenter 7.0u3f updates previously mentioned in the response matrix do not remediate CVE-2021-22048 and may introduce a functional issue for customers using IWA. Please review KB89027 for more information.” reported the advisory published by the virtualization giant.

At the time, the company provided a workaround for this vulnerability: switching from Integrated Windows Authentication (IWA) to either AD over LDAPS authentication or Identity Provider Federation for AD FS (vSphere 7.0 only).

“VMware has investigated and determined that the possibility of exploitation can be removed by performing the steps detailed in the Workaround section of this article.” states the company.

“This workaround requires that the SSO identity source configuration is switched from Integrated Windows Authentication (IWA) to one of the options below.

1)  Active Directory over LDAPs authentication 
2)  Identity Provider Federation for AD FS (vSphere 7.0 or later)”

VMware states that Active Directory over LDAP authentication is not impacted by this issue. However, the company urges customers to move to another authentication method.

“Active Directory over LDAPs does not understand domain trusts, so customers that switch to this method will have to configure a unique identity source for each of their trusted domains. Identity Provider Federation for AD FS does not have this restriction.” concludes the advisory.


Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2021-22048)
