CVE-2021-38647
Open Management Infrastructure (OMI) vulnerability analysis and mitigation

Overview

The Open Management Infrastructure (OMI) Remote Code Execution Vulnerability (CVE-2021-38647) is a critical security flaw discovered in Microsoft's OMI, an open-source Common Information Model (CIM) management server used for managing Unix and Linux systems. The vulnerability was disclosed on September 14, 2021, affecting Azure Linux virtual machines with OMI agents installed by default. This vulnerability impacts multiple Azure services including Azure Automation, Azure Automatic Update, Azure Operations Management Suite, Azure Log Analytics, Azure Configuration Management, Azure Diagnostics, and Azure Container Insights (Wiz Blog, Tenable Blog).

Technical details

CVE-2021-38647 is a remote code execution vulnerability with a CVSSv3 score of 9.8 (Critical). It can be exploited by an unauthenticated, remote attacker who sends a specially crafted request to a vulnerable system over the publicly accessible remote management ports (5986, 5985, and 1270). The trigger is remarkably simple: a request that omits the Authorization header is processed anyway, and the resulting command runs with root privileges because the authentication struct is left uninitialized and its zero-value defaults correspond to uid=0, gid=0 (Tenable Blog, Wiz Blog).
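The bug class described above is an authentication context that fails open: identity fields start at their zero values, and a request with no credentials simply keeps them. The following is an added illustration, not OMI's code; the request format, the `AuthContext` type, the `lookup_credentials` table and the two `dispatch_*` handlers are all constructed for this example. It places the fail-open pattern beside the fail-closed form a reviewer would expect.

```python
"""Fail-open versus fail-closed handling of a missing Authorization header.

Added example for the bug class behind CVE-2021-38647: an authentication
context whose zero-value defaults (uid=0, gid=0, i.e. root on Unix) are used
as a principal when no credential is supplied. This is NOT OMI's code; the
request text, AuthContext type and credential table are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class AuthContext:
    # Zero values are dangerous defaults: uid 0 / gid 0 is root on Unix.
    uid: int = 0
    gid: int = 0
    authenticated: bool = False


# Constructed sample requests (minimal HTTP/1.1 request heads).
REQUEST_NO_AUTH = (
    "POST /wsman HTTP/1.1\r\n"
    "Host: vm.example.invalid:5986\r\n"
    "Content-Type: application/soap+xml\r\n"
    "\r\n"
)
REQUEST_WITH_AUTH = (
    "POST /wsman HTTP/1.1\r\n"
    "Host: vm.example.invalid:5986\r\n"
    "Authorization: Basic b3BlcmF0b3I6cGFzcw==\r\n"
    "\r\n"
)


def parse_headers(raw_request: str) -> Dict[str, str]:
    """Parse a request head into a lowercase header-name -> value dict."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def lookup_credentials(authorization: str) -> Optional[AuthContext]:
    """Stand-in for real credential verification (constructed table)."""
    known = {
        "Basic b3BlcmF0b3I6cGFzcw==": AuthContext(uid=1001, gid=1001, authenticated=True),
    }
    return known.get(authorization)


def dispatch_fail_open(raw_request: str) -> AuthContext:
    """Vulnerable pattern: the context is created with defaults and only
    replaced when a credential is present AND verifies. A request with no
    header (or a bad one) keeps uid=0/gid=0 and is still dispatched."""
    ctx = AuthContext()
    headers = parse_headers(raw_request)
    if "authorization" in headers:
        verified = lookup_credentials(headers["authorization"])
        if verified is not None:
            ctx = verified
    return ctx  # the caller would run the command as ctx.uid


def dispatch_fail_closed(raw_request: str) -> AuthContext:
    """Hardened pattern: reject before any identity exists. Defaults are
    never used as a principal; absence or failure of credentials raises."""
    auth = parse_headers(raw_request).get("authorization")
    if auth is None:
        raise PermissionError("missing Authorization header")
    verified = lookup_credentials(auth)
    if verified is None or not verified.authenticated:
        raise PermissionError("credential verification failed")
    return verified


def rejects_unauthenticated(raw_request: str) -> bool:
    """True if the hardened handler refuses the request."""
    try:
        dispatch_fail_closed(raw_request)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("fail-open, no header  ->", dispatch_fail_open(REQUEST_NO_AUTH))
    print("fail-closed, no header -> rejected:", rejects_unauthenticated(REQUEST_NO_AUTH))
    print("fail-closed, valid     ->", dispatch_fail_closed(REQUEST_WITH_AUTH))
```

The detail worth noticing is that the fail-open handler also degrades to root when a credential is present but does not verify, since the default context survives every path except a successful lookup; the fail-closed form makes the unauthenticated state unrepresentable by raising before a context exists.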

Impact

The vulnerability allows attackers to execute arbitrary code with root privileges on vulnerable Linux VMs. When OMI ports are exposed to the internet, attackers can gain initial access to Azure environments and potentially move laterally within the network. In a survey conducted by Wiz, over 65% of sampled Azure customers were found to be exposed to these vulnerabilities and unknowingly at risk (Wiz Blog).

Mitigation and workarounds

Microsoft released patches to address the vulnerability in August 2021. The fixed version of OMI is 1.6.8-1 and above. Cloud deployments with automatic updates enabled receive the fix from Microsoft automatically; systems without automatic updates must be updated manually by following Microsoft's instructions. Organizations are advised to check their Linux VMs for exposed OMI ports and to ensure those ports are not reachable from the internet (Tenable Blog).
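The two checks the mitigation section asks for, an installed-version comparison against 1.6.8-1 and a look for OMI ports bound to non-loopback addresses, can be scripted. The code below is an added example and is not Microsoft's or Wiz's tooling. It assumes the package is named `omi` in dpkg/rpm and that listening sockets come from `ss -ltn`; the `ss` output embedded for the stand-alone run is constructed, and the live helpers only execute when the tools are present.

```python
"""Check an OMI install against the fixed version and for exposed listeners.

Added example, not vendor tooling. Assumptions: the package is named "omi"
(dpkg or rpm), and listening sockets are read from `ss -ltn`. SAMPLE_SS is
constructed output so the script runs without a real OMI host.
"""
import re
import shutil
import subprocess
from typing import List, Optional, Tuple

FIXED_VERSION = "1.6.8-1"            # from the advisory text
OMI_PORTS = {5985, 5986, 1270}       # from the advisory text
LOOPBACK = {"127.0.0.1", "[::1]", "::1"}

# Constructed `ss -ltn` output: sshd on 22, OMI on 5986/1270 bound to all
# interfaces, and OMI on 5985 bound to loopback only.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::]:5986           [::]:*
LISTEN 0      128    127.0.0.1:5985      0.0.0.0:*
LISTEN 0      128    0.0.0.0:1270        0.0.0.0:*
"""


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.6.8-1' (or the dpkg form '1.6.8.1') into a comparable tuple."""
    return tuple(int(p) for p in re.split(r"[.-]", v.strip()) if p.isdigit())


def omi_version_is_fixed(installed: str) -> bool:
    """True when the installed version is 1.6.8-1 or later."""
    return parse_version(installed) >= parse_version(FIXED_VERSION)


def parse_ss_listening(ss_output: str) -> List[Tuple[str, int]]:
    """Extract (local address, port) pairs from `ss -ltn` text."""
    listeners: List[Tuple[str, int]] = []
    for line in ss_output.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        addr, _, port = cols[3].rpartition(":")  # handles "[::]:5986"
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners


def exposed_omi_listeners(ss_output: str) -> List[Tuple[str, int]]:
    """OMI ports bound to a non-loopback address, i.e. reachable off-host."""
    return [(a, p) for a, p in parse_ss_listening(ss_output)
            if p in OMI_PORTS and a not in LOOPBACK]


def installed_omi_version() -> Optional[str]:
    """Query dpkg or rpm for the installed omi package version (assumed name)."""
    if shutil.which("dpkg-query"):
        cmd = ["dpkg-query", "-W", "-f=${Version}", "omi"]
    elif shutil.which("rpm"):
        cmd = ["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", "omi"]
    else:
        return None
    r = subprocess.run(cmd, capture_output=True, text=True)
    return r.stdout.strip() or None if r.returncode == 0 else None


def live_ss_output() -> Optional[str]:
    """Run `ss -ltn` if available; otherwise None."""
    if not shutil.which("ss"):
        return None
    r = subprocess.run(["ss", "-ltn"], capture_output=True, text=True)
    return r.stdout if r.returncode == 0 else None


if __name__ == "__main__":
    version = installed_omi_version()
    if version is None:
        print("omi package not found (or no dpkg/rpm); skipping version check")
    else:
        status = "fixed" if omi_version_is_fixed(version) else "VULNERABLE"
        print(f"omi {version}: {status} (fixed in {FIXED_VERSION})")
    ss_text = live_ss_output() or SAMPLE_SS
    for addr, port in exposed_omi_listeners(ss_text):
        print(f"OMI port {port} is bound to {addr}: restrict it to the management network")
```

A listener bound to `0.0.0.0` or `[::]` is not by itself proof of internet exposure (a network security group may still block it), so treat the port finding as a prompt to verify the NSG rules rather than as the final word; the version check, by contrast, is conclusive for the host it runs on.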

Source: This report was generated using AI.
