CVE-2021-38649

Confirmed PUBLISHED

Open Management Infrastructure Elevation of Privilege Vulnerability

Microsoft · Open Management Infrastructure, System Center Operations Manager (SCOM), Azure Automation State Configuration, DSC Extension, Azure Automation Update Management, Log Analytics Agent, Azure Diagnostics (LAD), Container Monitoring Solution, Azure Security Center, Azure Sentinel, Azure Stack Hub
Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.0 High

At a Glance

Open Management Infrastructure Elevation of Privilege Vulnerability

cisa microsoft
CVE Published
Sep 15, 2021
Exploitation Reported
Nov 03, 2021
CVSS
7.0 High
EPSS
No user interaction

Affected Versions

Vendor Product Version Status
Microsoft
Open Management Infrastructure

16.0 to < OMI Version 1.6.8-1

Affected
Microsoft
System Center Operations Manager (SCOM)

1.0.0 to < OMI version: 1.6.8-1

Affected
Microsoft
Azure Automation State Configuration, DSC Extension

2.0.0 to < DSC Agent versions: 2.71.1.25, 2.70.0.30, 3.0.0.3

Affected
Microsoft
Azure Automation Update Management

1.0.0 to < OMS Agent for Linux GA v1.13.40-0

Affected
Microsoft
Log Analytics Agent

1.0.0 to < OMS Agent for Linux GA v1.13.40-0

Affected
Microsoft
Azure Diagnostics (LAD)

3.0.0 to < LAD v4.0.13 and LAD v3.0.135

Affected
Microsoft
Container Monitoring Solution

1.0.0 to < publication

Affected
Microsoft
Azure Security Center

1.0.0 to < OMS Agent for Linux GA v1.13.40-0

Affected
Microsoft
Azure Sentinel

1.0.0 to < OMS Agent for Linux GA v1.13.40-0

Affected
Microsoft
Azure Stack Hub

1.0.0 to < Monitor, Update and Config Mgmnt 1.14.01

Affected
Microsoft
Azure Stack Hub

1.0.0 to < 3.1.135

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.