CVE-2022-33640
Published 2022-08-09
CVE-2022-33640: System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
Priority P340 · high · 7.8 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% (41.9th percentile)
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | open_management_infrastructure | < 1.6.10-2 | 1.6.10-2 |
| microsoft | open_management_infrastructure | >= 16.0 < 1.6.10-2 | 1.6.10-2 |
| microsoft | system_center_operations_manager | — | — |
| microsoft | system_center_operations_manager | — | — |
| microsoft | system_center_operations_manager | — | — |
| microsoft | system_center_operations_manager_2016 | >= 7.6.0 < 7.6.1113.0 | 7.6.1113.0 |
| microsoft | system_center_operations_manager_2019 | >= 10.19.0 < 10.19.1158.0 | 10.19.1158.0 |
| microsoft | system_center_operations_manager_2022 | >= 10.22.0 < 10.22.1032.0 | 10.22.1032.0 |
| msrc | open_management_infrastructure | — | — |
| msrc | system_center_operations_manager_2016 | — | — |
| msrc | system_center_operations_manager_2019 | — | — |
| msrc | system_center_operations_manager_2022 | — | — |
CVSS provenance
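| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vendor_msrc | — | 7.8 | HIGH | — |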
Microsoft
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
vendor_msrc · 2022-08-09 · CVSS 7.8
CVE-2022-33640 [HIGH] System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
FAQ: How does this impact SCOM customers?
SCOM 2016, 2019, and 2022 customers who monitor Linux machines and use Kerberos-based authentication are impacted by this vulnerability.
How can an attacker exploit the vulnerability?
OMI supports Kerberos as one of the authentication mechanisms. This authentication mechanism is only used by SCOM, with no Azure service using it. A fixed temp file is used while keeping omi keytab in sync with the default keytab. The temp file can be manipulated by an attacker to insert a new key in the omi keytab and gain elevated privileges on the machine. The attacker must be locally logged in to the machine on which the OMI components are running.
What pro
GHSA
GHSA-6625-jr57-474g: System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
ghsa_unreviewed · 2022-08-10
CVE-2022-33640 [HIGH] CWE-269 GHSA-6625-jr57-474g: System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability.
No detection rules found.
No public exploits indexed.
Published: 2022-08-09