#VU64319 Permissions, Privileges, and Access Controls in Microsoft Other software


Published: 2022-06-14

Vulnerability identifier: #VU64319

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29149

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Microsoft System Center Operations Manager
Server applications / Remote management servers, RDP, SSH
Container Monitoring Solution
Other software / Other software solutions
Log Analytics Agent
Other software / Other software solutions
Azure Stack Hub
Other software / Other software solutions
Azure Sentinel
Other software / Other software solutions
Azure Security Center
Other software / Other software solutions
Azure Open Management Infrastructure
Other software / Other software solutions
Azure Diagnostics (LAD)
Other software / Other software solutions
Azure Automation Update Management
Other software / Other software solutions
Azure Automation State Configuration, DSC Extension
Other software / Other software solutions

Vendor: Microsoft

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Azure Open Management Infrastructure (OMI), which leads to security restrictions bypass and privilege escalation.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Microsoft System Center Operations Manager: 2016 - 2022

Container Monitoring Solution: All versions

Log Analytics Agent: All versions

Azure Stack Hub: All versions

Azure Sentinel: All versions

Azure Security Center: All versions

Azure Open Management Infrastructure: All versions

Azure Diagnostics (LAD): All versions

Azure Automation Update Management: All versions

Azure Automation State Configuration, DSC Extension: All versions


External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability