CVE-2021-38648
Open Management Infrastructure Elevation of Privilege Vulnerability
Vexday Risk Score
91 · Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8 · EPSS 10.9% · KEV yes · Public PoC · Nuclei — · Metasploit yes · Patch —
Lifecycle
14 Sep 2021: Metasploit module available
15 Sep 2021: Published on NVD
03 Nov 2021: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A vulnerability in Open Management Infrastructure allows an authenticated attacker to escalate their privileges to a higher level of system access. This is dangerous because it enables unauthorized administrative control over the affected system.
Technical detail
This elevation of privilege vulnerability in OMI allows authenticated local users to gain elevated system privileges through insufficient access controls. The attack requires prior authentication, and successful exploitation grants the attacker elevated privileges on the target system.
Summary generated and translated by AI from the official description.
Open Management Infrastructure Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Azure Automation State Configuration, DSC Extension
Microsoft · Azure Automation Update Management
Microsoft · Azure Diagnostics (LAD)
Microsoft · Azure Security Center
Microsoft · Azure Sentinel
Microsoft · Azure Stack Hub
Microsoft · Container Monitoring Solution
Microsoft · Log Analytics Agent
Microsoft · Open Management Infrastructure
Microsoft · System Center Operations Manager (SCOM)
public PoCs found — 1
cve_reference · packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.