Advisory Type: IT Security
Severity: High Severity
Summary:
PDS is providing the following communication to build awareness of a critical vulnerability affecting VMware vCenter Server.
On November 10, 2021, VMware published Security Advisory VMSA-2021-0025, disclosing that a privilege escalation vulnerability exists in vCenter Server versions 6.7 and 7.0. CVE-2021-22048 is assessed with a CVSSv3 score of 7.1.
A malicious actor exploiting the vulnerability could attain privileged access to vulnerable versions of vCenter Server 6.7 and 7.0.
No patch is available yet; however, a workaround is available.
We strongly advise customers to review the VMware advisory and evaluate their environment for risk. PDS Architects are available to assist with the assessment and mitigation; your Account Director can assist in arranging support for this issue.