HIGH🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2021-38649

CVSS 7.0v3.1pub. 2021-09-15upd. 2025-10-30

Open Management Infrastructure Elevation of Privilege Vulnerability

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Azure Automation State Configuration

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Azure Automation Update Management

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Azure Diagnostics \(lad\)

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Azure Open Management Infrastructure

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Azure Security Center

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Azure Sentinel

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Azure Stack Hub

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Container Monitoring Solution

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Log Analytics Agent

    APP
    Microsoft
    wszystkie wersje
  • Microsoft System Center Operations Manager

    APP
    Microsoft
    wszystkie wersje

CISA KEV — detailsi

Vendori
Microsoft
Producti
Open Management Infrastructure (OMI)
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
November 17, 2021(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 17 listopada 2021
CWE
References

Related vulnerabilities

CVE-2021-38647CRITICAL9.8⚠ KEVten sam produkt

Open Management Infrastructure Remote Code Execution Vulnerability

CVE-2024-38220CRITICAL9.0PL ✓ten sam produkt

Microsoft Azure Stack Hub — Elevation of Privilege (podatność krytyczna)

CVE-2024-38108CRITICAL9.3PL ✓ten sam produkt

XSS/Spoofing w Microsoft Azure Stack Hub — krytyczna podatność

CVE-2024-21334CRITICAL9.8PL ✓ten sam produkt

RCE w Open Management Infrastructure (OMI) — use-after-free

CVE-2021-38648HIGH7.8⚠ KEVten sam produkt

Open Management Infrastructure Elevation of Privilege Vulnerability