CVE-2022-29149

7 documents4 sources
Severity
7.8HIGH
EPSS
0.2%
top 56.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Microsoft Azure Automation Update ManagementMicrosoft Azure Diagnostics (lad)Microsoft Azure Security Center+10 more
Timeline
PublishedJun 15
Latest updateAug 5

Description

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages17 packages

CVEListV5microsoft/open_management_infrastructure16.0OMI Version 1.6.9-1
CVEListV5microsoft/azure_automation_update_management1.0.0OMS Agent for Linux GA v1.14.13
CVEListV5microsoft/azure_sentinel1.0.0OMS Agent for Linux GA v1.14.13

Patches

Patch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
CVEList
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability2022-06-15

📋Vendor Advisories

1
Microsoft
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability2022-06-14

🕵️Threat Intelligence

3
Wiz
Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI | Wiz Blog2022-08-05
Wiz
Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI | Wiz Blog2022-08-05
Wiz
Securing Azure middleware agents with new auto-patching capabilities | Wiz Blog2022-08-05
CVE-2022-29149 (HIGH CVSS 7.8) | Open Management Infrastructure (OMI | cvebase.io