CVE-2021-38645
Open Management Infrastructure Elevation of Privilege Vulnerability
Vexday Risk Score
51Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 1.9%KEV simPoC —Nuclei —Metasploit —Patch —
Lifecycle
15 Sep 2021Published on NVD
03 Nov 2021Active exploitation (CISA KEV)
Weaponization speed
49 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Open Management Infrastructure allows a local attacker to gain higher privileges on a system. This is dangerous because once an attacker gains elevated access, they can take full control of the computer and access sensitive data.
Technical detail
Local privilege escalation vulnerability in Open Management Infrastructure (OMI) where an authenticated local user can exploit insufficient access controls to execute code with elevated privileges. The attack requires local system access and can result in complete system compromise.
Summary generated and translated by AI from the official description.
Open Management Infrastructure Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Azure Automation State Configuration, DSC ExtensionMicrosoft · Azure Automation Update ManagementMicrosoft · Azure Diagnostics (LAD)Microsoft · Azure Security CenterMicrosoft · Azure SentinelMicrosoft · Azure Stack HubMicrosoft · Container Monitoring SolutionMicrosoft · Log Analytics AgentMicrosoft · Open Management InfrastructureMicrosoft · System Center Operations Manager (SCOM)