
Cybersecurity: 4 vulnerabilities in the OMI agent used by Azure VM management extensions

Microsoft: There are 4 vulnerabilities in the Open Management Infrastructure (OMI) agent. They could allow an attacker to escalate privileges and execute arbitrary code remotely. Furthermore, a PoC is available online.

The Open Management Infrastructure (OMI) agent has four vulnerabilities, one of them rated “critical”: CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647. They were reported by Microsoft cybersecurity experts. The OMI agent is installed automatically by some Azure Virtual Machine management extensions. If those extensions are enabled on cloud Linux servers, the flaws could allow an attacker to escalate privileges and execute arbitrary code remotely. Furthermore, a Proof of Concept (PoC) has already been released and is spreading on the web. All OMI versions below v1.6.8-1 are vulnerable. To block the flaws, users have to update the extensions to the latest version available.
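A version check that applies the v1.6.8-1 threshold stated above, as an added example rather than code from the article or from Microsoft. It assumes the agent is installed as a package named `omi` that can be queried with dpkg-query or rpm; the function names are illustrative.

```shell
#!/bin/sh
# Added example: flag OMI builds older than the fixed release named in the article.
FIXED="1.6.8-1"   # first version not listed as vulnerable, per the article

# Normalise a version such as "v1.6.8-1" or "1.6.8.1" into four numeric fields.
# Both "." and "-" are accepted as separators; missing fields count as 0.
fields() {
    set -- $(printf '%s' "${1#v}" | tr '.-' '  ' | tr -cd '0-9 ')
    echo "${1:-0} ${2:-0} ${3:-0} ${4:-0}"
}

# Succeeds (exit 0) when version $1 is strictly lower than version $2.
ver_lt() {
    set -- $(fields "$1") $(fields "$2")
    # $1..$4 = version under test, $5..$8 = reference version
    [ "$1" -ne "$5" ] && { [ "$1" -lt "$5" ]; return; }
    [ "$2" -ne "$6" ] && { [ "$2" -lt "$6" ]; return; }
    [ "$3" -ne "$7" ] && { [ "$3" -lt "$7" ]; return; }
    [ "$4" -lt "$8" ]
}

# Print "vulnerable" or "patched" for a given OMI version string.
omi_status() {
    if ver_lt "$1" "$FIXED"; then echo "vulnerable"; else echo "patched"; fi
}

# Assumption: the agent is packaged as "omi". Prints the installed version,
# or fails when neither package manager knows the package.
installed_omi_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}' omi 2>/dev/null && return
    fi
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}' omi 2>/dev/null && return
    fi
    return 1
}

if v=$(installed_omi_version); then
    echo "omi $v: $(omi_status "$v")"
else
    echo "omi package not found via dpkg-query or rpm"
fi
```

Because the agent is installed by the management extensions rather than by the administrator, this check is worth running on every Linux VM, including ones where nobody installed OMI by hand.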
