Multiple vulnerabilities in Microsoft Open Management Infrastructure (OMI)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-21330 CVE-2024-21334 |
| CWE-ID | CWE-264 CWE-416 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Microsoft System Center Operations Manager Server applications / Remote management servers, RDP, SSH Operations Management Suite Agent for Linux (OMS) Other software / Other software solutions Open Management Infrastructure Other software / Other software solutions Log Analytics Agent Other software / Other software solutions Container Monitoring Solution Other software / Other software solutions Azure Sentinel Other software / Other software solutions Azure Security Center Other software / Other software solutions Azure Automation Update Management Other software / Other software solutions Azure Automation Client/Desktop applications / Other client software |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU87372
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21330
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Open Management Infrastructure (OMI), which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft System Center Operations Manager: 2019 - 2022
Operations Management Suite Agent for Linux (OMS): All versions
Open Management Infrastructure: All versions
Log Analytics Agent: All versions
Container Monitoring Solution: All versions
Azure Sentinel: All versions
Azure Security Center: All versions
Azure Automation Update Management: All versions
Azure Automation: All versions
External linkshttp://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU87373
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21334
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the Open Management Infrastructure (OMI). A remote attacker can execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft System Center Operations Manager: 2019 - 2022
Open Management Infrastructure: All versions
External linkshttp://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21334
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
