CVE-2021-38649
Open Management Infrastructure Elevation of Privilege Vulnerability
Vexday Risk Score
51Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7EPSS 2.0%KEV simPoC —Nuclei —Metasploit —Patch —
Lifecycle
15 Sep 2021Published on NVD
03 Nov 2021Active exploitation (CISA KEV)
Weaponization speed
49 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Open Management Infrastructure allows a local attacker to gain higher privileges on a system. An attacker with basic user access could escalate to administrator-level permissions.
Technical detail
The vulnerability exists in Open Management Infrastructure's privilege escalation mechanism, exploitable by local authenticated users. The attack leverages insufficient access control checks to elevate privileges from standard user to administrative level, requiring prior local system access.
Summary generated and translated by AI from the official description.
Open Management Infrastructure Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Azure Automation State Configuration, DSC ExtensionMicrosoft · Azure Automation Update ManagementMicrosoft · Azure Diagnostics (LAD)Microsoft · Azure Security CenterMicrosoft · Azure SentinelMicrosoft · Azure Stack HubMicrosoft · Container Monitoring SolutionMicrosoft · Log Analytics AgentMicrosoft · Open Management InfrastructureMicrosoft · System Center Operations Manager (SCOM)