← back
CVE-2021-38645

Open Management Infrastructure Elevation of Privilege Vulnerability

CVSS 7.8 HIGHEPSS 1.9%● KEV
Vexday Risk Score
51Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 1.9%KEV simPoC Nuclei Metasploit Patch
Lifecycle
15 Sep 2021Published on NVD
03 Nov 2021Active exploitation (CISA KEV)
Weaponization speed
49 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Open Management Infrastructure allows a local attacker to gain higher privileges on a system. This is dangerous because once an attacker gains elevated access, they can take full control of the computer and access sensitive data.

Technical detail

Local privilege escalation vulnerability in Open Management Infrastructure (OMI) where an authenticated local user can exploit insufficient access controls to execute code with elevated privileges. The attack requires local system access and can result in complete system compromise.

Summary generated and translated by AI from the official description.
Open Management Infrastructure Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C