CVE-2024-21330

Published Mar 12, 2024

Last updated a year ago

CVSS high 7.8

Overview

Description: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
Source: secure@microsoft.com
NVD status: Analyzed
Products: azure_automation, azure_automation_update_management, azure_security_center, azure_sentinel, container_monitoring_solution, log_analytics_agent, operations_management_suite_agent_for_linux, system_center_operations_manager

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-122
nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:azure_automation:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D341E199-250C-47C7-ABE8-39973A5C63E0"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A8B342-E863-4C71-9CE1-FB325FF34829"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:azure_security_center:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA1626DA-5B19-4291-B840-633EF458984C"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:azure_sentinel:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B80F8C3B-BEF9-43D5-9455-6C6F608CF519"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68A461E8-C834-4F97-98E3-516A191A3BAA"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDAE892B-324C-45E3-BFA0-C2B7B6939F54"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:operations_management_suite_agent_for_linux:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1B6D6F4-F48C-482B-B54B-6962D6D506A9",
            "versionEndExcluding": "1.8.1-0"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BFD64D6-E8BB-4606-8D4C-EAE586CAD791"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABD632BE-513E-4581-9C8C-3A13DA1ADF1F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References