← back
CVE-2021-38648

Open Management Infrastructure Elevation of Privilege Vulnerability

CVSS 7.8 HIGHEPSS 10.9%● KEV
Vexday Risk Score
91Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 10.9%KEV simPoC públicaNuclei Metasploit simPatch
Lifecycle
14 Sep 2021Metasploit module available
15 Sep 2021Published on NVD
03 Nov 2021Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A vulnerability in Open Management Infrastructure allows an authenticated attacker to escalate their privileges to a higher level of system access. This is dangerous because it enables unauthorized administrative control over the affected system.

Technical detail

This elevation of privilege vulnerability in OMI allows authenticated local users to gain elevated system privileges through insufficient access controls. The attack requires prior authentication and successful exploitation grants attacker elevated privileges on the target system.

Summary generated and translated by AI from the official description.
Open Management Infrastructure Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.