CVE-2021-38645

Open Management Infrastructure Elevation of Privilege Vulnerability

CVSS 7.8 HIGHEPSS 1.8%● KEV

In short

A flaw in Open Management Infrastructure allows a local attacker to gain higher privileges on a system. This is dangerous because once an attacker gains elevated access, they can take full control of the computer and access sensitive data.

Technical detail

Local privilege escalation vulnerability in Open Management Infrastructure (OMI) where an authenticated local user can exploit insufficient access controls to execute code with elevated privileges. The attack requires local system access and can result in complete system compromise.

Summary generated and translated by AI from the official description.

Open Management Infrastructure Elevation of Privilege Vulnerability

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected products

Microsoft · Azure Automation State Configuration, DSC Extension Microsoft · Azure Automation Update Management Microsoft · Azure Diagnostics (LAD)Microsoft · Azure Security Center Microsoft · Azure Sentinel Microsoft · Azure Stack Hub Microsoft · Container Monitoring Solution Microsoft · Log Analytics Agent Microsoft · Open Management Infrastructure Microsoft · System Center Operations Manager (SCOM)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38645 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38645