OMI versions 1.6.8-1-CVE-2021-38647
NAME
Open Management Infrastructure – Open Management Infrastructure
- Platforms Affected: Open Management Infrastructure
- Risk Level: high
- CVE Type: RCE
DESCRIPTION
CVE-2021-38647 is a remote code execution (RCE) vulnerability impacting Open Management Infrastructure (OMI) agent versions 1.6.8 and earlier. A Metasploit module has been observed in open source, and a link to an exploit was shared in the underground. Successful exploitation would allow an attacker to execute arbitrary code by sending a specially crafted message via HTTPS to a port on which OMI is listening on a vulnerable system. Additionally, a security researcher claimed that threat actors are actively scanning for Azure Linux OMI endpoints vulnerable to remote code execution, and there have been attempts to exploit this vulnerability in the wild.
CVSS Information:
- CVSS 2.0 SCORE:
- CVSS 3.0 SCORE: 9.8
- Exploit Disclosed in the Public: true
- Exploit Weaponised: true
- PoC Link: hXXps://github[.]com/horizon3ai/CVE-2021-38647
MITIGATION
The OMI project addressed the vulnerability in OMI agent version 1.6.8-1, published on the GitHub software development platform. Further, the vendor using the OMI agent within its products has released patching and mitigation information for impacted products and corresponding versions.
- Reference Link: https://github.com/microsoft/omi/releases
- Patch Available: available
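To check a host against the fixed version named above, the following added example (not code from the OMI project or from this advisory) compares an OMI agent version string with 1.6.8-1. The function name and the rule that "." and "-" both separate numeric fields are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag OMI agent versions older than the fixed release 1.6.8-1.

FIXED="1 6 8 1"   # 1.6.8-1, the fixed version named in the advisory

# omi_is_vulnerable VERSION   (hypothetical helper)
# returns 0 = older than the fix, 1 = fixed or newer, 2 = unparseable
omi_is_vulnerable() {
    # Accept only digits, dots and hyphens; anything else is reported as
    # unparseable rather than guessed at.
    case $1 in
        ''|*[!0-9.-]*) return 2 ;;
    esac
    # Assumption: "." and "-" both separate numeric fields, so 1.6.8-1 and
    # 1.6.8.1 compare equal.
    v=$(printf '%s' "$1" | sed 's/[.-]/ /g')
    set -- $v
    [ "$#" -ge 3 ] || return 2
    # A missing fourth field counts as 0, so a bare "1.6.8" is treated as
    # older than 1.6.8-1 ("1.6.8 and earlier" are affected).
    a1=$1 a2=$2 a3=$3 a4=${4:-0}
    set -- $FIXED
    for n in "$a1" "$a2" "$a3" "$a4"; do
        [ "$n" -lt "$1" ] && return 0   # first differing field is lower
        [ "$n" -gt "$1" ] && return 1   # first differing field is higher
        shift
    done
    return 1   # identical to the fixed version
}
```

Pass it the version string your package manager reports for the OMI agent; a return code of 2 means the string needs manual review.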