Lucene search

K
saintSAINT CorporationSAINT:B21EB0CE85BB4A8171AF59A4CF014F01
HistorySep 28, 2021 - 12:00 a.m.

Microsoft Azure Open Management Infrastructure remote command execution

2021-09-2800:00:00
SAINT Corporation
download.saintcorporation.com
123

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Added: 09/28/2021

Background

Microsoft Azure Open Management Infrastructure is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards.

Problem

A vulnerability in Open Management Infrastructure allows remote attackers to execute arbitrary commands by sending a SOAP **ExecuteShellCommand** request without an Authorization header.

Resolution

Upgrade to Open Management Infrastructure 1.6.8-1 or higher.

References

<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647&gt;
<https://www.horizon3.ai/omigod-rce-vulnerability-in-multiple-azure-linux-deployments/&gt;

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P