McAfee Enterprise Defender Blog | OMIGOD Vulnerability Opening the Door to Mirai Botnet


This month Microsoft released patches for 86 vulnerabilities. While many of these vulnerabilities are important and should be patched as soon as possible, there is one critical vulnerability that McAfee Enterprise wants to bring to your attention immediately, because of how little is required to exploit it and because there is evidence that exploitation is already being attempted.


The list of flaws, collectively called OMIGOD, affects a software agent called Open Management Infrastructure (OMI) that is automatically deployed in many Azure services:


CVE-2021-38647 (CVSS score: 9.8) – Open Management Infrastructure Remote Code Execution Vulnerability


CVE-2021-38648 (CVSS score: 7.8) – Open Management Infrastructure Elevation of Privilege Vulnerability


CVE-2021-38645 (CVSS score: 7.8) – Open Management Infrastructure Elevation of Privilege Vulnerability


CVE-2021-38649 (CVSS score: 7.0) – Open Management Infrastructure Elevation of Privilege Vulnerability


Azure customers on Linux machines, including users of Azure Automation, Azure Automatic Update, Azure Operations Management Suite (OMS), Azure Log Analytics, Azure Configuration Management, and Azure Diagnostics, are at risk of potential exploitation. OMI can also be installed outside of Azure on any on-premises Linux system.


The remote code execution is extremely simple: all that is required is to remove the authentication header, and root access is available remotely on every unpatched machine. With this vulnerability attackers can obtain initial access to the target Azure environment and then move laterally within it.
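Because OMI can be present on Azure Linux machines and on any on-premises Linux system, and because the remote code execution path requires only that the agent be reachable over the network, the two questions a defender needs answered per host are "which OMI version is installed?" and "is the OMI service listening on a non-loopback address?". The following script is an added example, not code from McAfee Enterprise or from the OMI project: it parses `dpkg -l omi` / `rpm -q omi` output for the installed version, parses `ss -ltnp` output for OMI-owned listening sockets, and flags those not bound to loopback. The fixed OMI version is not stated in this post, so `FIXED_VERSION` is a placeholder to be filled in from the vendor advisory; the package, socket and process-name samples in the test are constructed.

```python
import re
import subprocess

# Placeholder: the first fixed OMI release is not stated on this page. Fill it
# in from the vendor advisory before relying on is_vulnerable() with its default.
FIXED_VERSION = "<fixed-omi-version-from-advisory>"

# Local addresses that are only reachable from the host itself.
LOOPBACK_PREFIXES = ("127.", "[::1]", "localhost")


def version_tuple(version):
    """'1.6.4-1' or '1.6.4.1' -> (1, 6, 4, 1); non-numeric placeholder -> ()."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def parse_omi_version(pkg_output):
    """Pull the installed omi version out of `dpkg -l omi` or `rpm -q omi`
    output. Returns None when the package line is absent (not installed)."""
    for line in pkg_output.splitlines():
        m = re.search(r"\bomi[-\s]+(\d+(?:[.-]\d+)+)", line)
        if m:
            return m.group(1)
    return None


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed version sorts before the fixed version."""
    if not version_tuple(fixed):
        raise ValueError("FIXED_VERSION is still the placeholder; set it from the advisory")
    return version_tuple(installed) < version_tuple(fixed)


def omi_listeners(ss_output):
    """From `ss -ltnp` output, return [(local_address, process, exposed)] for
    listening sockets owned by a process whose name contains 'omi' (assumed
    naming, e.g. the omiengine/omiserver daemons). exposed is True when the
    socket is bound to something other than a loopback address."""
    found = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue  # header line or not a listening socket
        local = parts[3]
        m = re.search(r'users:\(\("([^"]+)"', line)
        proc = m.group(1) if m else ""
        if "omi" not in proc.lower():
            continue
        exposed = not local.startswith(LOOPBACK_PREFIXES)
        found.append((local, proc, exposed))
    return found


def run(cmd):
    """Run a local command and return stdout, or '' if the tool is missing."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        return ""


if __name__ == "__main__":
    installed = parse_omi_version(run(["dpkg", "-l", "omi"]) + run(["rpm", "-q", "omi"]))
    print("installed omi version:", installed)
    if installed and version_tuple(FIXED_VERSION):
        print("vulnerable:", is_vulnerable(installed))
    for local, proc, exposed in omi_listeners(run(["ss", "-ltnp"])):
        state = "network-exposed" if exposed else "loopback only"
        print(f"{proc} listening on {local} ({state})")
```

Run it as root on each Linux host (socket ownership in `ss -ltnp` is only shown with sufficient privilege); a host that reports both an older-than-fixed version and a network-exposed OMI listener is the one to patch or isolate first.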



Campaign: Multiple CVE’s Affecting the Azure OMI Agent Dubbed OMIGOD


Source: ..
