CVE-2024-21330

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write4 documents4 sources
Severity
7.8HIGH
EPSS
0.2%
top 62.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Microsoft Azure AutomationMicrosoft Azure Automation Update ManagementMicrosoft Azure Hdinsight+9 more
Timeline
PublishedMar 12

Description

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages12 packages

CVEListV5microsoft/open_management_infrastructure16.0OMI version 1.8.1-0+1
CVEListV5microsoft/azure_automation_update_management1.0.0OMS Agent for Linux GA v1.19.0
CVEListV5microsoft/azure_sentinel1.0.0OMS Agent for Linux GA v1.19.0
CVEListV5microsoft/azure_hdinsight1.0omi-1.8.1-0

🔴Vulnerability Details

2
CVEList
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability2024-03-12
GHSA
GHSA-6m8c-mx2x-w4pf: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability2024-03-12

📋Vendor Advisories

1
Microsoft
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability2024-03-12
CVE-2024-21330 (HIGH CVSS 7.8) | Open Management Infrastructure (OMI | cvebase.io