Lucene search

CVE-2021-38647

🗓️ 15 Sep 2021 12:15:15Reported by microsoftType

cve🔗 web.nvd.nist.gov📰️ 8 Media mentions👁 1121 Views🌐 WEB

Open Management Infrastructure Remote Code Execution Vulnerability CVE-2021-3864

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 56
Saint	Microsoft Azure Open Management Infrastructure remote command execution	28 Sep 202100:00	–	saint
Saint	Microsoft Azure Open Management Infrastructure remote command execution	28 Sep 202100:00	–	saint
Saint	Microsoft Azure Open Management Infrastructure remote command execution	28 Sep 202100:00	–	saint
GithubExploit	Exploit for Improper Initialization in Microsoft	22 Sep 202101:05	–	githubexploit
GithubExploit	Exploit for Improper Initialization in Microsoft	26 Sep 202118:06	–	githubexploit
GithubExploit	Exploit for Vulnerability in Microsoft	18 Sep 202115:25	–	githubexploit
GithubExploit	Exploit for Vulnerability in Microsoft	15 Sep 202121:44	–	githubexploit
GithubExploit	Exploit for Improper Initialization in Microsoft	22 Sep 202115:20	–	githubexploit
GithubExploit	Exploit for Improper Initialization in Microsoft	19 Sep 202115:43	–	githubexploit
GithubExploit	Exploit for Improper Initialization in Microsoft	20 Sep 202116:29	–	githubexploit

Nvd

Vulners

Node

microsoft azure_automation_state_configurationMatch-

microsoft azure_automation_update_managementMatch-

microsoft azure_diagnostics_(lad)Match-

microsoft azure_open_management_infrastructureMatch-

microsoft azure_security_centerMatch-

microsoft azure_sentinelMatch-

microsoft azure_stack_hubMatch-

microsoft container_monitoring_solutionMatch-

microsoft log_analytics_agentMatch-

microsoft system_center_operations_managerMatch-

[
  {
    "vendor": "Microsoft",
    "product": "Open Management Infrastructure",
    "cpes": [
      "cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "16.0",
        "lessThan": "OMI Version 1.6.8-1",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "System Center Operations Manager (SCOM)",
    "cpes": [
      "cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMI version: 1.6.8-1",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Automation State Configuration, DSC Extension",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "2.0.0",
        "lessThan": "DSC Agent versions: 2.71.1.25, 2.70.0.30, 3.0.0.3",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Automation Update Management",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA v1.13.40-0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Log Analytics Agent",
    "cpes": [
      "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA v1.13.40-0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Diagnostics (LAD)",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "3.0.0",
        "lessThan": "LAD v4.0.13 and LAD v3.0.135",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Container Monitoring Solution",
    "cpes": [
      "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Security Center",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA v1.13.40-0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Sentinel",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA v1.13.40-0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Stack Hub",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "Monitor, Update and Config Mgmnt 1.14.01",
        "versionType": "custom",
        "status": "affected"
      },
      {
        "version": "1.0.0",
        "lessThan": "3.1.135",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647

Parameter	Position	Path	Description	CWE
cmd	request body	/wsman	An attacker can issue an HTTP request to the OMI management endpoint causing it to execute an operating system command as the root user.	CWE-264, CWE-20

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Sep 2021 12:15Current

7.3High risk

Vulners AI Score7.3

CVSS27.5

CVSS39.8

EPSS0.94342

In Wild