CVE-2021-38647

Summary

Open Management Infrastructure Remote Code Execution Vulnerability

Affected Software

VendorProductVersion RangeStatus
MicrosoftOpen Management Infrastructure16.0 < OMI Version 1.6.8-1affected
MicrosoftSystem Center Operations Manager (SCOM)1.0.0 < OMI version: 1.6.8-1affected
MicrosoftAzure Automation State Configuration, DSC Extension2.0.0 < DSC Agent versions: 2.71.1.25, 2.70.0.30, 3.0.0.3affected
MicrosoftAzure Automation Update Management1.0.0 < OMS Agent for Linux GA v1.13.40-0affected
MicrosoftLog Analytics Agent1.0.0 < OMS Agent for Linux GA v1.13.40-0affected
MicrosoftAzure Diagnostics (LAD)3.0.0 < LAD v4.0.13 and LAD v3.0.135affected
MicrosoftContainer Monitoring Solution1.0.0 < publicationaffected
MicrosoftAzure Security Center1.0.0 < OMS Agent for Linux GA v1.13.40-0affected
MicrosoftAzure Sentinel1.0.0 < OMS Agent for Linux GA v1.13.40-0affected
MicrosoftAzure Stack Hub1.0.0 < Monitor, Update and Config Mgmnt 1.14.01affected
MicrosoftAzure Stack Hub1.0.0 < 3.1.135affected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References