CVE-2024-21330

Summary

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Affected Software

VendorProductVersion RangeStatus
MicrosoftSystem Center Operations Manager (SCOM) 201910.19.0 < 10.19.1253.0affected
MicrosoftSystem Center Operations Manager (SCOM) 202210.22.0 < 10.22.1070.0affected
MicrosoftAzure Automation1.0.0 < OMS Agent for Linux GA 1.19.0affected
MicrosoftAzure Automation Update Management1.0.0 < OMS Agent for Linux GA v1.19.0affected
MicrosoftAzure Sentinel1.0.0 < OMS Agent for Linux GA v1.19.0affected
MicrosoftContainer Monitoring Solution1.0.0 < microsoft-oms-latest with full ID: sha256:855bfeb0affected
MicrosoftAzure HDInsight1.0 < omi-1.8.1-0affected
MicrosoftOpen Management Infrastructure16.0 < OMI version 1.8.1-0affected
MicrosoftOpen Management Infrastructure1.0.0 < 1.8.1-0affected
MicrosoftAzure Security Center1.0.0 < OMS Agent for Linux GA 1.19.0affected
MicrosoftLog Analytics Agent1.0.0 < OMS Agent for Linux GA v1.19.0affected

Weaknesses

  • CWE-122: CWE-122: Heap-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References