9.8

CVE-2021-38647

Warnung
Exploit

Open Management Infrastructure Remote Code Execution Vulnerability

Open Management Infrastructure Remote Code Execution Vulnerability

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Schwachstelle

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 99.72% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
secure@microsoft.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html
Third Party Advisory
Exploit
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647
Patch
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38647
US Government Resource