Lucene search
+L

11 matches found

Rapid7 Blog
Rapid7 Blog
added 2021/11/12 3:36 p.m.388 views

Metasploit Wrap-Up

Callback Hell Metasploit has now added an exploit module for CVE-2021-40449, a Windows local privilege escalation exploit caused by a use-after-free during the NtGdiResetDC callback in vulnerable versions of win32k.sys. This module can be used to escalate privileges to those of NT AUTHORITY\SYSTE...

6.8CVSS9AI score0.73381EPSS
Exploits18
Packet Storm
Packet Storm
added 2021/11/10 12:0 a.m.293 views

Microsoft OMI Management Interface Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft OMI Management Interface Authentication Bypass', 'Description' = %q By removing the authentication exchange, an attacker can issue...

7.5CVSS7.4AI score0.99723EPSS
Exploits20
0day.today
0day.today
added 2021/11/10 12:0 a.m.340 views

Microsoft OMI Management Interface Authentication Bypass Exploit

This Metasploit module demonstrates that by removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September...

9.8CVSS7.6AI score0.99723EPSS
Exploits20
VulnCheck KEV
VulnCheck KEV
added 2021/09/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-38648

Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation...

7.8CVSS7.3AI score0.11424EPSS
Exploits4References1
Tenable Nessus
Tenable Nessus
added 2021/09/17 12:0 a.m.1274 views

Microsoft Open Management Infrastructure (OMI) package < 1.6.8-1 Multiple Vulnerabilities

The version of Microsoft Open Management Infrastructure OMI package installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit this to...

9.8CVSS8.7AI score0.99723EPSS
Exploits20References7
MSRC
MSRC
added 2021/09/16 7:0 a.m.43 views

Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions

Last updated on October 5, 2021: See revision history located at the end of the post for changes. On September 14, 2021, Microsoft released fixes for three Elevation of Privilege EoP vulnerabilities and one unauthenticated Remote Code Execution RCE vulnerability in the Open Management...

9.8CVSS7.8AI score0.99723EPSS
Exploits20
Circl
Circl
added 2021/09/15 4:22 p.m.11 views

CVE-2021-38648

creationtimestamp| type| source ---|---|--- 2021-09-15 16:22:29+00:00| seen| https://t.me/cibsecurity/28884 2021-09-16 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2021/09/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/ 2021-11-08 08:58:19+00:00|...

7.8CVSS7.4AI score0.11424EPSS
Exploits4References7
NVD
NVD
added 2021/09/15 12:15 p.m.21 views

CVE-2021-38648

Open Management Infrastructure Elevation of Privilege Vulnerability...

7.8CVSS0.11424EPSS
Exploits4References3
Vulnrichment
Vulnrichment
added 2021/09/15 11:24 a.m.10 views

CVE-2021-38648 Open Management Infrastructure Elevation of Privilege Vulnerability

...

7.8CVSS7.2AI score0.11424EPSS
Exploits4References2
MSRC
MSRC
added 2021/09/14 7:0 a.m.34 views

2021 年 9 月のセキュリティ更新プログラム (月例)

更新 9 月 17 日: 9 月の月例セキュリティ更新日に公開した Open Management Infrastructure OMI の脆弱性 CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, CVE-2021-38647 に関して、追加のガイダン...

7.5CVSS0.8AI score0.99723EPSS
Exploits20
Kaspersky
Kaspersky
added 2021/09/14 12:0 a.m.62 views

KLA12297 Multiple vulnerabilities in Microsoft System Center

Multiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Open Management...

9.8CVSS9.3AI score0.99723EPSS
Exploits20References8
Rows per page
Query Builder