Description

Open Management Infrastructure Elevation of Privilege Vulnerability

Related CPE's

a

microsoft

azure_automation_state_configuration

-

Vulnerable

a

microsoft

azure_automation_update_management

-

Vulnerable

a

microsoft

azure_diagnostics_\(lad\)

-

Vulnerable

a

microsoft

azure_open_management_infrastructure

-

Vulnerable

a

microsoft

azure_security_center

-

Vulnerable

a

microsoft

azure_sentinel

-

Vulnerable

a

microsoft

azure_stack_hub

-

Vulnerable

a

microsoft

container_monitoring_solution

-

Vulnerable

a

microsoft

log_analytics_agent

-

Vulnerable

a

microsoft

system_center_operations_manager

-

Vulnerable

References

http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html

ExploitThird Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648

PatchVendor Advisory

http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html

ExploitThird Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648

PatchVendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-09-15T12:15:15.147

3 years ago

Last modified

2025-03-07T21:58:29.880

4 months ago