The Microsoft Open Management Infrastructure service detected on the remote host is affected by a remote code execution vulnerability due to insufficient authentication validation. An unauthenticated, remote attacker can exploit this to execute code on the remote host as root.

Binary data omi_cve-2021-38647.nbin

VendorProductVersionCPE
microsoftopen_management_infrastructurex-cpe:/a:microsoft:open_management_infrastructure

Vendor	Product	Version	CPE
microsoft	open_management_infrastructure		x-cpe:/a:microsoft:open_management_infrastructure

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38647

github.com/microsoft/omi/releases/tag/v1.6.8-1

msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647

www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure

saint 3

githubexploit 13

prion 1

ibm 1

packetstorm 2

cisa_kev 1

checkpoint_advisories 1

cve 1

metasploit 2

attackerkb 1

mscve 1

nuclei 1

zdt 2

msrc 4

thn 2

rapid7blog 3

nessus 2

threatpost 2

kaspersky 2

cisa 1

krebs 1

malwarebytes 1

avleonov 1

qualysblog 3

saint

Microsoft Azure Open Management Infrastructure remote command execution

2021-09-28 00:00:00

Microsoft Azure Open Management Infrastructure remote command execution

2021-09-28 00:00:00

Microsoft Azure Open Management Infrastructure remote command execution

2021-09-28 00:00:00

githubexploit

Exploit for Improper Initialization in Microsoft

2021-09-22 01:05:22

Exploit for Improper Initialization in Microsoft

2021-09-26 18:06:00

Exploit for Improper Initialization in Microsoft

2021-09-19 15:43:32

prion

Remote code execution

2021-09-15 12:15:00

ibm

Security Bulletin: IBM QRadar Azure marketplace images include Open Management Infrastructure RPM, which is vulnerable to Remote Code Execution (CVE-2021-38647)

2021-09-30 15:02:10

packetstorm

Microsoft OMI Management Interface Authentication Bypass

2021-10-28 00:00:00

Microsoft OMI Management Interface Authentication Bypass

2021-11-10 00:00:00

cisa_kev

Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

2021-11-03 00:00:00

checkpoint_advisories

Microsoft Open Management Infrastructure Remote Code Execution (CVE-2021-38647)

2021-09-21 00:00:00

cve

CVE-2021-38647

2021-09-15 12:15:00

metasploit

Microsoft OMI Management Interface Authentication Bypass

2021-10-25 21:36:55

Microsoft OMI Management Interface Authentication Bypass

2021-10-27 16:05:56

attackerkb

CVE-2021-38647

2021-09-15 00:00:00

mscve

Open Management Infrastructure Remote Code Execution Vulnerability

2021-09-14 07:00:00

nuclei

Microsoft Open Management Infrastructure - Remote Code Execution

2021-09-15 16:10:58

zdt

Microsoft OMI Management Interface Authentication Bypass Exploit

2021-10-31 00:00:00

Microsoft OMI Management Interface Authentication Bypass Exploit

2021-11-10 00:00:00

msrc

Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions

2021-09-16 07:00:00

Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions

2021-09-17 01:28:04

2021 年 9 月のセキュリティ更新プログラム (月例)

2021-09-14 07:00:00

thn

Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs

2021-09-15 18:36:00

Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability

2021-09-15 05:00:00

rapid7blog

OMIGOD: How to Automatically Detect and Fix Microsoft Azure’s New OMI Vulnerability

2021-09-15 14:30:57

Metasploit Wrap-Up

2021-10-29 17:59:46

Patch Tuesday - September 2021

2021-09-15 03:44:31

nessus

Microsoft Open Management Infrastructure < 1.6.8.1 Multiple Vulnerabilities

2021-09-17 00:00:00

Microsoft Open Management Infrastructure (OMI) package < 1.6.8-1 Multiple Vulnerabilities

2021-09-17 00:00:00

threatpost

Azure Zero-Day Bugs Show Lurking Supply-Chain Risk

2021-09-16 11:37:48

Microsoft Patches Actively Exploited Windows Zero-Day

2021-09-14 20:29:14

kaspersky

KLA12297 Multiple vulnerabilities in Microsoft System Center

2021-09-14 00:00:00

KLA12286 Mutliple vulnerabilities in Microsoft Azure

2021-09-14 00:00:00

cisa

Microsoft Releases Security Update for Azure Linux Open Management Infrastructure

2021-09-16 00:00:00

krebs

Microsoft Patch Tuesday, September 2021 Edition

2021-09-14 21:00:42

malwarebytes

[updated] Patch now! PrintNightmare over, MSHTML fixed, a new horror appears … OMIGOD

2021-09-15 13:19:48

avleonov

Security News: Microsoft Patch Tuesday September 2021, OMIGOD, MSHTML RCE, Confluence RCE, Ghostscript RCE, FORCEDENTRY Pegasus

2021-09-18 23:22:00

qualysblog

Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities

2021-09-14 18:56:17

Qualys Response to CISA Alert: Binding Operational Directive 22-01

2021-11-09 06:15:01

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for OMI_CVE-2021-38647.NBIN