⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2021-11-17. Required action: Apply updates per vendor instructions..

CVE-2021-38648

CWE-1390 CWE-269 — Improper Privilege Management CWE-287 — Improper Authentication10 documents8 sources

Severity

7.8HIGH

EPSS

31.8%

top 3.20%

CISA KEV

KEV

Added 2021-11-03

Due 2021-11-17

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Azure Automation Update Management Microsoft Azure Diagnostics (lad)Microsoft Azure Security Center +6 more

Timeline

PublishedSep 15

KEV addedNov 3

KEV dueNov 17

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

Open Management Infrastructure Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5microsoft/open_management_infrastructure16.0 — OMI Version 1.6.8-1

▶CVEListV5microsoft/azure_automation_update_management1.0.0 — OMS Agent for Linux GA v1.13.40-0

▶CVEListV5microsoft/azure_sentinel1.0.0 — OMS Agent for Linux GA v1.13.40-0

▶CVEListV5microsoft/azure_stack_hub1.0.0 — Monitor, Update and Config Mgmnt 1.14.01+1

▶CVEListV5microsoft/log_analytics_agent1.0.0 — OMS Agent for Linux GA v1.13.40-0

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-p8gr-7qcg-86p9: Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38649↗2022-05-24

▶

CVEList

Open Management Infrastructure Elevation of Privilege Vulnerability↗2021-09-15

▶

VulnCheck

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability↗2021

▶

📋Vendor Advisories

CISA

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability↗2021-11-03

▶

Microsoft

Open Management Infrastructure Elevation of Privilege Vulnerability↗2021-09-14

▶

🕵️Threat Intelligence

Unit42

Threat Brief: OMI Vulnerabilities (CVE-2021-38645, CVE-2021-38647, CVE-2021-38648 and CVE-2021-38649)↗2021-09-16

▶

Wiz

OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers | Wiz Blog↗2021-09-14

▶

Wiz

OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers | Wiz Blog↗2021-09-14

▶

External resources

NVD MITRE CISA KEV

Affected products9

Microsoft Azure Automation Update Management≥ 1.0.0, < OMS Agent for Linux GA v1.13.40-0

Microsoft Azure Diagnostics (lad)≥ 3.0.0, < LAD v4.0.13 and LAD v3.0.135

Microsoft Azure Security Center≥ 1.0.0, < OMS Agent for Linux GA v1.13.40-0

Microsoft Azure Sentinel≥ 1.0.0, < OMS Agent for Linux GA v1.13.40-0

Microsoft Azure Stack HUB≥ 1.0.0, < Monitor, Update and Config Mgmnt 1.14.01≥ 1.0.0, < 3.1.135

Microsoft Container Monitoring Solution≥ 1.0.0, < publication

Microsoft LOG Analytics Agent≥ 1.0.0, < OMS Agent for Linux GA v1.13.40-0

Microsoft Open Management Infrastructure≥ 16.0, < OMI Version 1.6.8-1

Microsoft System Center Operations Manager (scom)≥ 1.0.0, < OMI version: 1.6.8-1

Disclosure

PublishedSep 15, 2021

KEV addedNov 3, 2021

KEV dueNov 17, 2021

Latest updateMay 24, 2022