Open Management Infrastructure Elevation of Privilege Vulnerability
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HMicrosoft Azure Automation State Configuration
APPMicrosoftwszystkie wersjeMicrosoft Azure Automation Update Management
APPMicrosoftwszystkie wersjeMicrosoft Azure Diagnostics \(lad\)
APPMicrosoftwszystkie wersjeMicrosoft Azure Open Management Infrastructure
APPMicrosoftwszystkie wersjeMicrosoft Azure Security Center
APPMicrosoftwszystkie wersjeMicrosoft Azure Sentinel
APPMicrosoftwszystkie wersjeMicrosoft Azure Stack Hub
APPMicrosoftwszystkie wersjeMicrosoft Container Monitoring Solution
APPMicrosoftwszystkie wersjeMicrosoft Log Analytics Agent
APPMicrosoftwszystkie wersjeMicrosoft System Center Operations Manager
APPMicrosoftwszystkie wersje
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- Open Management Infrastructure (OMI)
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- November 17, 2021(overdue)
Required action (CISA)i
Apply updates per vendor instructions.
CISA descriptioni
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 17 listopada 2021
Related vulnerabilities
CVE-2021-38647CRITICAL9.8⚠ KEVten sam produkt
Open Management Infrastructure Remote Code Execution Vulnerability
CVE-2024-38220CRITICAL9.0PL ✓ten sam produkt
Microsoft Azure Stack Hub — Elevation of Privilege (podatność krytyczna)
CVE-2024-38108CRITICAL9.3PL ✓ten sam produkt
XSS/Spoofing w Microsoft Azure Stack Hub — krytyczna podatność
CVE-2024-21334CRITICAL9.8PL ✓ten sam produkt
RCE w Open Management Infrastructure (OMI) — use-after-free
CVE-2021-38649HIGH7.0⚠ KEVten sam produkt
Open Management Infrastructure Elevation of Privilege Vulnerability