Lucene search
SAINT CorporationSAINT:B21EB0CE85BB4A8171AF59A4CF014F01HistorySep 28, 2021 - 12:00 a.m.
Microsoft Azure Open Management Infrastructure remote command execution
2021-09-2800:00:00
SAINT Corporation
download.saintcorporation.com
140
azure
management infrastructure
remote execution
vulnerability
upgrade
omi 1.6.8-1
EPSS
0.974
Percentile
100.0%
Added: 09/28/2021
Background
Microsoft Azure Open Management Infrastructure is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards.
Problem
A vulnerability in Open Management Infrastructure allows remote attackers to execute arbitrary commands by sending a SOAP **ExecuteShellCommand** request without an Authorization header.
Resolution
Upgrade to Open Management Infrastructure 1.6.8-1 or higher.
References
<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>
<https://www.horizon3.ai/omigod-rce-vulnerability-in-multiple-azure-linux-deployments/>
Related
githubexploit
githubexploit
Exploit for Improper Initialization in Microsoft
2021-09-26 18:06:00
Exploit for Improper Initialization in Microsoft
2021-09-22 01:05:22
Exploit for Improper Initialization in Microsoft
2021-09-19 15:43:32
nvd
nvd
CVE-2021-38647
2021-09-15 12:15:15
saint
saint
Microsoft Azure Open Management Infrastructure remote command execution
2021-09-28 00:00:00
Microsoft Azure Open Management Infrastructure remote command execution
2021-09-28 00:00:00
ibm
ibm
prion
prion
Remote code execution
2021-09-15 12:15:00
cisa_kev
cisa_kev
packetstorm
packetstorm
Microsoft OMI Management Interface Authentication Bypass
2021-10-28 00:00:00
Microsoft OMI Management Interface Authentication Bypass
2021-11-10 00:00:00
metasploit
metasploit
Microsoft OMI Management Interface Authentication Bypass
2021-10-25 21:36:55
Microsoft OMI Management Interface Authentication Bypass
2021-10-27 16:05:56
nuclei
nuclei
Microsoft Open Management Infrastructure - Remote Code Execution
2021-09-15 16:10:58
attackerkb
attackerkb
CVE-2021-38647
2021-09-15 00:00:00
mscve
mscve
Open Management Infrastructure Remote Code Execution Vulnerability
2021-09-14 07:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2021-38647
2021-09-15 12:15:15
nessus
nessus
Microsoft Open Management Infrastructure RCE (CVE-2021-38647)
2021-09-20 00:00:00
Microsoft Open Management Infrastructure (OMI) package < 1.6.8-1 Multiple Vulnerabilities
2021-09-17 00:00:00
Microsoft Open Management Infrastructure < 1.6.8.1 Multiple Vulnerabilities
2021-09-17 00:00:00
cvelist
cvelist
zdt
zdt
Microsoft OMI Management Interface Authentication Bypass Exploit
2021-10-31 00:00:00
Microsoft OMI Management Interface Authentication Bypass Exploit
2021-11-10 00:00:00
thn
thn
msrc
msrc
threatpost
threatpost
Azure Zero-Day Bugs Show Lurking Supply-Chain Risk
2021-09-16 11:37:48
Microsoft Patches Actively Exploited Windows Zero-Day
2021-09-14 20:29:14
cisa
cisa
kaspersky
kaspersky
KLA12297 Multiple vulnerabilities in Microsoft System Center
2021-09-14 00:00:00
KLA12286 Mutliple vulnerabilities in Microsoft Azure
2021-09-14 00:00:00
rapid7blog
rapid7blog
OMIGOD: How to Automatically Detect and Fix Microsoft Azureโs New OMI Vulnerability
2021-09-15 14:30:57
Metasploit Wrap-Up
2021-10-29 17:59:46
Patch Tuesday - September 2021
2021-09-15 03:44:31
malwarebytes
malwarebytes
avleonov
avleonov
krebs
krebs
Microsoft Patch Tuesday, September 2021 Edition
2021-09-14 21:00:42
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday (September 2021) โ Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities
2021-09-14 18:56:17
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00