CVE-2021-38649

Open Management Infrastructure Elevation of Privilege Vulnerability

CVSS 7 HIGHEPSS 1.9%● KEV

In short

A flaw in Open Management Infrastructure allows a local attacker to gain higher privileges on a system. An attacker with basic user access could escalate to administrator-level permissions.

Technical detail

The vulnerability exists in Open Management Infrastructure's privilege escalation mechanism, exploitable by local authenticated users. The attack leverages insufficient access control checks to elevate privileges from standard user to administrative level, requiring prior local system access.

Summary generated and translated by AI from the official description.

Open Management Infrastructure Elevation of Privilege Vulnerability

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected products

Microsoft · Azure Automation State Configuration, DSC Extension Microsoft · Azure Automation Update Management Microsoft · Azure Diagnostics (LAD)Microsoft · Azure Security Center Microsoft · Azure Sentinel Microsoft · Azure Stack Hub Microsoft · Container Monitoring Solution Microsoft · Log Analytics Agent Microsoft · Open Management Infrastructure Microsoft · System Center Operations Manager (SCOM)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38649 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38649