CVE-2024-21330: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Overview

Severity: High (CVSS 7.8)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Category: Elevation of Privilege
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2024-Mar
Released: 2024-03-12
Last Updated: 2024-04-09
EPSS Score: 0.17% (percentile: 37.7%)

FAQ

What privileges could be gained by an attacker who successfully exploited this vulnerability?
Successful exploitation of this vulnerability will locally elevate the attacker's privileges to communicate as Root with the OMI server.

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to be an authenticated user on the resource to access the necessary socket files to control the OMI service.

What actions do I need to take to be protected from this vulnerability?
Customers running affected versions of SCOM (System Center Operations Manager) should update to OMI version 1.8.1-0.

What is OMI?
Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. SCOM uses this framework to orchestrate configuration management and log collection on Linux VMs. More information can be found here: GitHub - Open Management Infrastructure.

What products are affected by this vulnerability and how can I protect myself?
The following table lists the affected services and the required customer action to protect against this vulnerability.

  • Affected Product: OMI as standalone package
    Fixed Version Number: OMI version v1.8.1-0
    Customer action required: Manually download the update here
  • Affected Product: System Center Operations Manager (SCOM) Management Pack for UNIX and Linux Operating Systems
    Fixed Version Number: Management Pack for SCOM 2019: 10.19.1253.0; Management Pack for SCOM 2022: 10.22.1070.0
    Customer action required: Manually download and update the applicable management packs: 2019, or 2022.
  • Affected Product: Log Analytics Agent
    Fixed Version Number: OMS Agent for Linux GA v1.19.0
    Customer action required: Manually download and update the OMS shell bundle using instructions here OR through Azure PowerShell or Azure CLI using the instructions here.
  • Affected Product: Azure Security Center
    Fixed Version Number: OMS Agent for Linux GA v1.19.0
    Customer action required: Manually download and update the OMS shell bundle using instructions here OR through Azure Powershel

Affected Products (11)

System Center

  • System Center Operations Manager (SCOM) 2019
  • System Center Operations Manager (SCOM) 2022

Azure

  • Azure Automation
  • Azure Automation Update Management
  • Azure Sentinel
  • Container Monitoring Solution
  • Azure HDInsight
  • Open Management Infrastructure
  • Operations Management Suite Agent for Linux (OMS)
  • Azure Security Center
  • Log Analytics Agent
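
The fixed versions listed in the FAQ can be checked against a host inventory with a numeric version comparison. The following is an added example, not part of the original advisory; the package names `omi` and `omsagent`, the inventory line format and the sample hosts are assumptions constructed for illustration.

```python
import re

# Fixed versions are the ones listed in the advisory's FAQ table.
# The package names "omi" and "omsagent" are assumptions about how the
# inventory labels these components.
FIXED = {"omi": "1.8.1-0", "omsagent": "1.19.0"}

# Constructed sample inventory: "<host> <package> <installed version>".
SAMPLE_INVENTORY = """\
web01 omi 1.8.1-0
db02 omi 1.7.3-0
log03 omsagent 1.17.2-0
log04 omsagent 1.19.0-0
app05 omi 1.6.10-2.ulinux
app06 omi 1.10.0-0
app07 nginx 1.24.0
"""

def parse_version(text):
    """Return the leading numeric components of a version as a tuple of ints."""
    match = re.match(r"v?(\d+(?:[.-]\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in re.split(r"[.-]", match.group(1)))

def is_patched(package, installed):
    """True when the installed version is at or above the advisory's fixed version."""
    fixed, have = parse_version(FIXED[package]), parse_version(installed)
    width = max(len(fixed), len(have))
    pad = lambda v: v + (0,) * (width - len(v))  # compare equal-length tuples
    return pad(have) >= pad(fixed)

def audit(inventory_text):
    """Return (host, package, version) for every tracked package below the fix."""
    findings = []
    for line in inventory_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1] not in FIXED:
            continue  # skip malformed lines and packages the advisory does not cover
        host, package, version = fields
        if not is_patched(package, version):
            findings.append((host, package, version))
    return findings

if __name__ == "__main__":
    for host, package, version in audit(SAMPLE_INVENTORY):
        print(f"{host}: {package} {version} is below {FIXED[package]}")
```

Comparing components as integers matters here: a plain string comparison would rank a version such as 1.10.0-0 below 1.8.1-0.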

Security Updates (7)

Acknowledgments

Wei in Kunlun Lab with Cyber KunLun (https://www.cyberkl.com/)

Revision History

  • 2024-03-12: Information published.
  • 2024-04-09: In the Security Updates table, added Azure HDInsight because this product is also affected by this vulnerability. Microsoft strongly recommends that customers running Azure HDInsight install the updates to be fully protected from the vulnerability.