CVE-2021-38648

Warning

Exploit

EPSS 28.53%
Published 15.09.2021 12:15:15
Last modified 07.03.2025 21:54:07
Source secure@microsoft.com
Teams watchlist Login
Open Login

Open Management Infrastructure Elevation of Privilege Vulnerability

Affected products Warnungen 1 Metrics 4 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Azure Automation State Configuration Version-

Microsoft ≫ Azure Automation Update Management Version-

Microsoft ≫ Azure Diagnostics (lad) Version-

Microsoft ≫ Azure Open Management Infrastructure Version-

Microsoft ≫ Azure Security Center Version-

Microsoft ≫ Azure Sentinel Version-

Microsoft ≫ Azure Stack Hub Version-

Microsoft ≫ Container Monitoring Solution Version-

Microsoft ≫ Log Analytics Agent Version-

Microsoft ≫ System Center Operations Manager Version-

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability

Vulnerability

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	28.53%	0.964

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secure@microsoft.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html

Third Party Advisory

Exploit

VDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-38648

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-38648

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-38648

EUVD