Security Alert (A21-11-08): Vulnerability in VMWare Products


 

Published on: 12 November 2021

  
  

Description:

VMware has published a security advisory to address a vulnerability in VMware products. The detailed information about the vulnerability can be found at the following URL:

  • https://www.vmware.com/security/advisories/VMSA-2021-0025.html

 

Affected Systems:

  • VMware vCenter Server version 6.7 and 7.0
  • VMware Cloud Foundation version 3.x and 4.x

 

Impact:

A successful exploitation of the vulnerability could lead to privilege escalation on the affected system.

 

Recommendation:

Patches for the affected products are not yet available but VMware has provided workaround to mitigate the risk. System administrators of affected systems should follow the recommendations provided by the product vendor to apply the workaround as far as practicable to mitigate the risk. System administrators should also properly assess the impact before adopting the workaround. As a security best practice, system administrators are advised not to expose VMware vCenter servers to the Internet if not necessary. Details of the workaround could be found at the following URL:

  • https://kb.vmware.com/s/article/86292

 

More Information:

  • https://www.vmware.com/security/advisories/VMSA-2021-0025.html
  • https://kb.vmware.com/s/article/86292
  • https://www.hkcert.org/security-bulletin/vmware-vcenter-escalation-of-privilege-vulnerability_20211111
  • https://us-cert.cisa.gov/ncas/current-activity/2021/11/11/vmware-releases-security-advisory
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22048

 



Tag: vCenter , VMware , VMware Cloud Foundation
Tags