cbcvebase.
CVE-2024-21334
published 2024-03-12

CVE-2024-21334: Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

PriorityP272critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
20.16%
97.1th percentile
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Affected

9 ranges
VendorProductVersion rangeFixed in
microsoftopen_management_infrastructure< 1.8.1-01.8.1-0
microsoftopen_management_infrastructure>= 16.0 < OMI version 1.8.1-0OMI version 1.8.1-0
microsoftsystem_center_operations_manager
microsoftsystem_center_operations_manager
microsoftsystem_center_operations_manager_2019>= 10.19.0 < 10.19.1253.010.19.1253.0
microsoftsystem_center_operations_manager_2022>= 10.22.0 < 10.22.1070.010.22.1070.0
msrcopen_management_infrastructure
msrcsystem_center_operations_manager_2019
msrcsystem_center_operations_manager_2022

Detection & IOCsextracted from sources · hover to see the quote

versionOMI version 1.8.1-0
snort
63140, 63141, 63142, 63144, 63145, 63152, 63153, 63155, 63156, 63161, 63162, 63169, 63170
snort
300855, 300856, 300858, 300859, 300860
  • Detect exploitation attempts by monitoring for specially crafted requests sent to the OMI instance from the internet targeting the use-after-free vulnerability in OMI.
  • If OMI network listening is not required, disable OMI incoming ports on Linux machines as a mitigation/detection chokepoint.
  • ·Talos Snort rules listed cover multiple March 2024 Patch Tuesday CVEs, not exclusively CVE-2024-21334. Validate which rule SIDs specifically target OMI before deploying.
  • ·Additional Snort rules may be released at a future date and current rules are subject to change pending additional information.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.