Description
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
FAQ
What privileges could be gained by an attacker who successfully exploited this vulnerability?
Successful exploitation of this vulnerability locally elevates the attacker's privileges, allowing them to communicate with the OMI server as root.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires that the attacker be an authenticated user on the resource, so that they can access the socket files needed to control the OMI service.
What actions do I need to take to be protected from this vulnerability?
Customers running affected versions of SCOM (System Center Operations Manager) should update to OMI version 1.8.1-0.
What is OMI?
Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. SCOM uses this framework to orchestrate configuration management and log collection on Linux VMs. More information can be found here: GitHub - Open Management Infrastructure.
What products are affected by this vulnerability and how can I protect myself?
The following table lists the affected services and the required customer action to protect against this vulnerability.
| Affected Product | Fixed Version Number | Customer action required |
|---|---|---|
| OMI as standalone package | OMI version v1.8.1-0 | Manually download the update here |
| System Center Operations Manager (SCOM) Management Pack for UNIX and Linux Operating Systems | Management Pack for SCOM 2019: 10.19.1253.0; Management Pack for SCOM 2022: 10.22.1070.0 | Manually download and update the applicable management packs: 2019, or 2022. |
| Log Analytics Agent | OMS Agent for Linux GA v1.19.0 | Manually download and update the OMS shell bundle using instructions here OR through Azure PowerShell or Azure CLI using the instructions here. |
| Azure Security Center | OMS Agent for Linux GA v1.19.0 | Manually download and update the OMS shell bundle using instructions here OR through Azure PowerShell or Azure CLI using the instructions here. |
| Container Monitoring Solution | Image tag: microsoft-oms-latest with full ID: sha256:855bfeb0599e1e1d954ab8660808cc24bb190a4447818cd3fa8ad89bdad88df4 | Manually update the OMS-docker image using instructions here. |
| Azure Sentinel | OMS Agent for Linux GA v1.19.0 | Manually download and update the OMS shell bundle using instructions here OR through Azure PowerShell or Azure CLI using the instructions here. |
| Azure Automation | OMS Agent for Linux GA v1.19.0 | Manually download and update the OMS shell bundle using instructions here OR through Azure PowerShell or Azure CLI using the instructions here. |
| Azure Automation Update Management | OMS Agent for Linux GA v1.19.0 | Manually download and update the OMS shell bundle using instructions here OR through Azure PowerShell or Azure CLI using the instructions here. |
Updates
| Product | Article | Update |
|---|---|---|
| Azure Automation | - | |
| Open Management Infrastructure | | |
| Azure Automation Update Management | - | |
| Log Analytics Agent | | |
| Container Monitoring Solution | | |
| Azure Security Center | - | |
| Azure Sentinel | - | |
| Azure HDInsight | | |
| System Center Operations Manager 2019 | | |
| System Center Operations Manager 2022 | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
CVSS3: 7.8 High
Related vulnerabilities
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
A vulnerability in the Open Management Infrastructure (OMI) web-based enterprise management server of the Azure virtual machine management extensions, caused by access control flaws, that allows an attacker to elevate their privileges
EPSS
CVSS3: 7.8 High