Vulnerability Details CVE-2021-22048
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html
- http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html
- https://www.vmware.com/security/advisories/VMSA-2021-0025.html
- http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html
- http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html
- https://www.vmware.com/security/advisories/VMSA-2021-0025.html
Products affected by CVE-2021-22048
-
cpe:2.3:a:vmware:cloud_foundation:3.0
-
cpe:2.3:a:vmware:cloud_foundation:3.0.1
-
cpe:2.3:a:vmware:cloud_foundation:3.0.1.1
-
cpe:2.3:a:vmware:cloud_foundation:3.10
-
cpe:2.3:a:vmware:cloud_foundation:3.10.1
-
cpe:2.3:a:vmware:cloud_foundation:3.10.1.1
-
cpe:2.3:a:vmware:cloud_foundation:3.10.1.2
-
cpe:2.3:a:vmware:cloud_foundation:3.10.2.1
-
cpe:2.3:a:vmware:cloud_foundation:3.10.2.2
-
cpe:2.3:a:vmware:cloud_foundation:3.5
-
cpe:2.3:a:vmware:cloud_foundation:3.5.1
-
cpe:2.3:a:vmware:cloud_foundation:3.7
-
cpe:2.3:a:vmware:cloud_foundation:3.7.1
-
cpe:2.3:a:vmware:cloud_foundation:3.7.2
-
cpe:2.3:a:vmware:cloud_foundation:3.8
-
cpe:2.3:a:vmware:cloud_foundation:3.8.1
-
cpe:2.3:a:vmware:cloud_foundation:3.9
-
cpe:2.3:a:vmware:cloud_foundation:3.9.1
-
cpe:2.3:a:vmware:vcenter_server:6.5
-
cpe:2.3:a:vmware:vcenter_server:6.7
-
cpe:2.3:a:vmware:vcenter_server:7.0
-
cpe:2.3:o:vmware:cloud_foundation:4.1.0.1