CVE-2021-38647
Open Management Infrastructure Remote Code Execution Vulnerability
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- August 13, 2021
- Published Date
- September 15, 2021
- Last Updated
- February 04, 2025
- Vendor
- Microsoft
- Product
- Open Management Infrastructure, System Center Operations Manager (SCOM), Azure Automation State Configuration, DSC Extension, Azure Automation Update Management, Log Analytics Agent, Azure Diagnostics (LAD), Container Monitoring Solution, Azure Security Center, Azure Sentinel, Azure Stack Hub
- Description
- Open Management Infrastructure Remote Code Execution Vulnerability
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-03 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/cve_2021_38647_omigod.rb | 2025-04-29 11:01:18 UTC |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-38647.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
cve_2021_38647_omigod
Type: metasploit • Created: Unknown
AlteredSecurity/CVE-2021-38647
Type: github • Created: 2021-09-20 16:29:48 UTC • Stars: 68
SimenBai/CVE-2021-38647-POC-and-Demo-environment
Type: github • Created: 2021-09-19 15:43:32 UTC • Stars: 3
horizon3ai/CVE-2021-38647
Type: github • Created: 2021-09-16 02:11:36 UTC • Stars: 233
midoxnet/CVE-2021-38647
Type: github • Created: 2021-09-15 21:44:30 UTC • Stars: 8
corelight/CVE-2021-38647
Type: github • Created: 2021-09-15 04:51:02 UTC • Stars: 5