You can now find Cyber Kendra on Google News | Telegram

Critical Privilege Escalation Bug in vCenter - No Patch yet

Critical privilege escalation vulnerability in the vCenter Server.

VMware security team has released a security advisory that briefly describes a privilege escalation vulnerability in the vCenter Server. This vulnerability in vCenter is tracked as CVE-2021-22048 having the Common Vulnerability Scoring System (CVSS) as a score of 7.1/10.  

According to the brief description of the bug, the bug was discovered by Yaron Zinar and Sagi Sheinfeld security researcher of Crowdstrike. With this bug, the threat actors with non-administrative access to vCenter Server could exploit the vulnerability to escalate their privileges to a group with greater access to critical areas in the system. This flaw resides in vCenter Server v6.7 and v7.0, in addition to affecting Cloud Foundation 3.x and 4.x.

Currently, there is no fix available for this bug, but VMware recommends mitigating the risk of exploitation is the change to AD over LDAPS authentication, from Integrated Authentication with Windows; at the moment the presence of other functional alternative solutions is unknown.

Till yet there is no such evidence or any statement from the vendor that the bug is been exploited in wild. But still, this will be a critical issue as there are multiple hacking groups dedicated to exploiting vulnerabilities in the vCenter Server, so it is important for administrators of these deployments to stay on top of any new security risks related to these vulnerabilities.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.