CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2021-38647

CVSS 9.8v3.1pub. 2021-09-15upd. 2025-10-30

Open Management Infrastructure Remote Code Execution Vulnerability

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Azure Automation State Configuration

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Azure Automation Update Management

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Azure Diagnostics \(lad\)

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Azure Open Management Infrastructure

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Azure Security Center

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Azure Sentinel

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Azure Stack Hub

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Container Monitoring Solution

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Log Analytics Agent

    APP
    Microsoft
    wszystkie wersje
  • Microsoft System Center Operations Manager

    APP
    Microsoft
    wszystkie wersje

CISA KEV — detailsi

Vendori
Microsoft
Producti
Open Management Infrastructure (OMI)
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
November 17, 2021(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 17 listopada 2021
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-38220CRITICAL9.0PL ✓ten sam produkt

Microsoft Azure Stack Hub — Elevation of Privilege (podatność krytyczna)

CVE-2024-38108CRITICAL9.3PL ✓ten sam produkt

XSS/Spoofing w Microsoft Azure Stack Hub — krytyczna podatność

CVE-2024-21334CRITICAL9.8PL ✓ten sam produkt

RCE w Open Management Infrastructure (OMI) — use-after-free

CVE-2021-38648HIGH7.8⚠ KEVten sam produkt

Open Management Infrastructure Elevation of Privilege Vulnerability

CVE-2021-38649HIGH7.0⚠ KEVten sam produkt

Open Management Infrastructure Elevation of Privilege Vulnerability