#VU64319 Permissions, Privileges, and Access Controls in Microsoft products - CVE-2022-29149
Published: June 14, 2022
Vulnerability identifier: #VU64319
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-29149
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Microsoft System Center Operations Manager
Container Monitoring Solution
Log Analytics Agent
Azure Stack Hub
Azure Sentinel
Azure Security Center
Azure Open Management Infrastructure
Azure Diagnostics (LAD)
Azure Automation Update Management
Azure Automation State Configuration, DSC Extension
Microsoft System Center Operations Manager
Container Monitoring Solution
Log Analytics Agent
Azure Stack Hub
Azure Sentinel
Azure Security Center
Azure Open Management Infrastructure
Azure Diagnostics (LAD)
Azure Automation Update Management
Azure Automation State Configuration, DSC Extension
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Open Management Infrastructure (OMI), which leads to security restrictions bypass and privilege escalation.
Remediation
Install updates from vendor's website.