
Azure OMI - Remote Code Execution (OMIGOD - CVE-2021-38647)

Severity (CVSSv3 score): 9.8
Vulnerability description

Azure Linux VMs are affected by a remote code execution vulnerability in the Open Management Infrastructure (OMI) software agent, which is preinstalled on Linux VMs deployed on Azure. The root cause is a coding mistake in a conditional statement combined with an uninitialized authentication struct, so that any request sent without an Authorization header is treated as having administrative privileges. This allows an unauthenticated remote attacker to execute arbitrary code on the server.

Risk description

A remote unauthenticated attacker can fully compromise the Azure server in order to steal confidential information, install ransomware or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Upgrade the OMI package to version 1.6.8-1 or later.
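The check a defender would want alongside this recommendation, added here as an example (not Pentest-Tools.com's code): it compares an installed OMI package version numerically against the fixed 1.6.8-1, so that 1.6.10 is correctly ranked above 1.6.8. It assumes the package is named omi and can be queried through dpkg-query or rpm; the sample version strings are constructed.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "1.6.8-1"  # fixed release named in the recommendation above

# upstream digits, optional "-release", optional packaging suffix (".ssl_110.ulinux.x64")
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-(\d+))?(?:\..*)?")


def parse_version(version: str) -> Tuple[Tuple[int, ...], int]:
    """Turn '1.6.8-1' or '1.6.8-1.ssl_110.ulinux.x64' into ((1, 6, 8), 1).

    Integer tuples compare numerically, so '1.6.10' ranks above '1.6.8'
    (a plain string comparison would get this wrong). A packaging that folds
    the release into a fourth component ('1.6.8.1') still orders correctly.
    """
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised OMI version string: {version!r}")
    upstream = tuple(int(part) for part in m.group(1).split("."))
    release = int(m.group(2) or 0)  # a missing release number sorts below '-1'
    return upstream, release


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fixed one."""
    return parse_version(version) < parse_version(fixed)


def installed_omi_version() -> Optional[str]:
    """Ask dpkg or rpm for the installed 'omi' version; None if not installed.
    The package name 'omi' is an assumption taken from the recommendation."""
    queries = [
        ["dpkg-query", "-W", "-f", "${Version}", "omi"],
        ["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", "omi"],
    ]
    for cmd in queries:
        if shutil.which(cmd[0]) is None:
            continue  # that package manager is not on this host
        result = subprocess.run(cmd, capture_output=True, text=True)
        if result.returncode == 0 and result.stdout.strip():
            return result.stdout.strip()
    return None


if __name__ == "__main__":
    # Constructed sample versions first, then the live host when it can be queried.
    for sample in ("1.6.4-1", "1.6.8-0", "1.6.8-1", "1.6.10-1"):
        print(f"{sample}: {'VULNERABLE' if is_vulnerable(sample) else 'patched'}")
    live = installed_omi_version()
    if live is not None:
        print(f"installed omi {live}: {'VULNERABLE' if is_vulnerable(live) else 'patched'}")
```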

Codename: OMIGOD
Detectable with: Network Scanner
Exploitable with Sniper: Yes
Vuln date: Sep 2021
Software Type: Azure
Vendor: Microsoft
Product: Open Management Infrastructure (OMI)