4 matches found
CVE-2021-38647
CVE-2021-38647 (OMIGOD) is an unauthenticated remote code execution vulnerability in Microsoft Open Management Infrastructure (OMI) commonly deployed on Azure Linux VMs. Exploitation is achieved by sending a crafted HTTP request without the Authorization header, enabling code execution with the O...
CVE-2021-38645
Open Management Infrastructure (OMI) in Azure VM Management Extensions contains CVE-2021-38645, an Elevation of Privilege vulnerability. OMI runs with root privileges; when vulnerable, it can be exploited locally to escalate privileges on affected hosts. Microsoft addressed the OMIGOD set (CVE-20...
CVE-2021-38648
CVE-2021-38648 is a local privilege-escalation flaw in Microsoft Open Management Infrastructure (OMI). Multiple sources confirm an authentication bypass allowing a local attacker to issue commands to the OMI socket (default UNIX socket at /var/opt/omi/run/omiserver.sock) and execute as root. The ...
CVE-2021-38649
CVE-2021-38649 is part of the OMIGOD family affecting Open Management Infrastructure (OMI) used by Azure VM Management Extensions. The vulnerability is an Elevation of Privilege flaw in OMI that can permit a local attacker to escalate privileges on Linux-based Azure VMs where OMI is exposed. Expl...