CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-21334

CVSS 9.8v3.1pub. 2024-03-12upd. 2024-11-29

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

🤖 AI Analysis
How it works

The vulnerability is classified as CWE-416 (use-after-free), meaning that an attacker can cause the OMI process to reference a memory area that has already been freed. Through the network, without any required privileges, it is possible to trigger unpredictable behavior of the process and gain control over code execution. The attack vector is network-based and attack complexity is low, which means a low barrier to entry for a potential attacker.

Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code remotely (RCE) in the context of the OMI process, which may lead to complete system takeover, violation of data confidentiality and integrity, and loss of service availability.

Mitigation & patch

Patches available from the vendor should be applied according to references — update described in Microsoft Security Response Center at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21334

Who is affected

Microsoft Open Management Infrastructure and Microsoft System Center Operations Manager — versions indicated in vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Open Management Infrastructure

    APP
    Microsoft
    < 1.8.1-0
  • Microsoft System Center Operations Manager

    APP
    Microsoft
    20192022
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2021-38647CRITICAL9.8⚠ KEVten sam produkt

Open Management Infrastructure Remote Code Execution Vulnerability

CVE-2021-38649HIGH7.0⚠ KEVten sam produkt

Open Management Infrastructure Elevation of Privilege Vulnerability

CVE-2021-38645HIGH7.8⚠ KEVten sam produkt

Open Management Infrastructure Elevation of Privilege Vulnerability

CVE-2021-38648HIGH7.8⚠ KEVten sam produkt

Open Management Infrastructure Elevation of Privilege Vulnerability

CVE-2026-20967HIGH8.8ten sam produkt

Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privile...