Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-29149 |
CWE-ID | CWE-264 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Microsoft System Center Operations Manager Server applications / Remote management servers, RDP, SSH Container Monitoring Solution Other software / Other software solutions Log Analytics Agent Other software / Other software solutions Azure Stack Hub Other software / Other software solutions Azure Sentinel Other software / Other software solutions Azure Security Center Other software / Other software solutions Azure Open Management Infrastructure Other software / Other software solutions Azure Diagnostics (LAD) Other software / Other software solutions Azure Automation Update Management Other software / Other software solutions Azure Automation State Configuration, DSC Extension Other software / Other software solutions |
Vendor | Microsoft |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU64319
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-29149
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Open Management Infrastructure (OMI), which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft System Center Operations Manager: 2016 - 2022
Container Monitoring Solution: All versions
Log Analytics Agent: All versions
Azure Stack Hub: All versions
Azure Sentinel: All versions
Azure Security Center: All versions
Azure Open Management Infrastructure: All versions
Azure Diagnostics (LAD): All versions
Azure Automation Update Management: All versions
Azure Automation State Configuration, DSC Extension: All versions
CPE2.3http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.