CVE-2021-22048: 
vSphere vCenter Server vulnerability analysis and mitigation

The vCenter Server contains a privilege escalation vulnerability (CVE-2021-22048) in the IWA (Integrated Windows Authentication) authentication mechanism, discovered and reported by Yaron Zinar and Sagi Sheinfeld of Crowdstrike. The vulnerability was disclosed on November 10, 2021, affecting VMware vCenter Server versions 6.5, 6.7, 7.0, 8.0 and VMware Cloud Foundation versions 3.x and 4.x (VMware Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High severity). The vulnerability exists in the IWA (Integrated Windows Authentication) authentication mechanism of vCenter Server, which could allow privilege escalation when exploited (VMware Advisory).

A malicious actor with non-administrative access to vCenter Server may exploit this vulnerability to elevate privileges to a higher privileged group, potentially gaining increased access to critical system resources and sensitive data (VMware Advisory).

VMware has released patches for affected versions. As a workaround, administrators can switch from Integrated Windows Authentication (IWA) to either AD over LDAPS authentication or Identity Provider Federation for AD FS (vSphere 7.0 or later). Fixed versions include vCenter Server 8.0a and 7.0 U3i (VMware Advisory).