Home

CVE-2021-22048

Description

The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.786

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in VMware vCenter 6.5Windows
Multiple Vulnerabilities are affected in VMware vCenter 6.7Windows
Multiple Vulnerabilities are affected in VMware vCenter 7.0Windows
Multiple Vulnerabilities are affected in VMware vCenter Server 6.5Windows
Multiple Vulnerabilities are affected in VMware vCenter Server 6.7Windows
Multiple Vulnerabilities are affected in VMware vCenter Server 7.0Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234