CVE-2021-38647
Open Management Infrastructure Remote Code Execution Vulnerability
In short
A critical vulnerability in Open Management Infrastructure allows attackers to execute arbitrary code remotely without needing valid credentials. This can completely compromise an affected system.
Technical detail
Unauthenticated remote code execution in Open Management Infrastructure via network-accessible endpoints: an attacker can exploit the flaw without authentication to execute arbitrary code with system privileges. Pre-condition: the OMI service must be running and exposed. Impact includes full system compromise and potential lateral movement in enterprise environments.
Summary generated and translated by AI from the official description.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Azure Automation State Configuration, DSC Extension
Microsoft · Azure Automation Update Management
Microsoft · Azure Diagnostics (LAD)
Microsoft · Azure Security Center
Microsoft · Azure Sentinel
Microsoft · Azure Stack Hub
Microsoft · Container Monitoring Solution
Microsoft · Log Analytics Agent
Microsoft · Open Management Infrastructure
Microsoft · System Center Operations Manager (SCOM)
Public PoCs found: 13
github.com/horizon3ai/CVE-2021-38647 (GitHub, ★ 233)
github.com/AlteredSecurity/CVE-2021-38647 (GitHub, ★ 68)
github.com/marcosimioni/omigood (GitHub, ★ 20)
github.com/midoxnet/CVE-2021-38647 (GitHub, ★ 8)
github.com/corelight/CVE-2021-38647 (GitHub, ★ 5)
github.com/SimenBai/CVE-2021-38647-POC-and-Demo-environment (GitHub, ★ 3)
github.com/Immersive-Labs-Sec/cve-2021-38647 (GitHub, ★ 2)
github.com/craig-m-unsw/omigod-lab (GitHub, ★ 1)
github.com/Vulnmachines/OMIGOD_cve-2021-38647 (GitHub, ★ 1)
github.com/goofsec/omigod (GitHub, ★ 1)
github.com/corelight/CVE-2021-38647-noimages (GitHub, ★ 0)
github.com/abousteif/cve-2021-38647 (GitHub, ★ 0)
packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html (CVE reference, unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.