### [CVE-2021-38648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38648)
![](https://img.shields.io/static/v1?label=Product&message=Azure%20Automation%20State%20Configuration%2C%20DSC%20Extension&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Azure%20Automation%20Update%20Management&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Azure%20Diagnostics%20(LAD)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Azure%20Security%20Center&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Azure%20Sentinel&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Azure%20Stack%20Hub&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Container%20Monitoring%20Solution&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Log%20Analytics%20Agent&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Open%20Management%20Infrastructure&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=System%20Center%20Operations%20Manager%20(SCOM)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%20Monitor%2C%20Update%20and%20Config%20Mgmnt%201.14.01%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%20OMI%20version%3A%201.6.8-1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%20OMS%20Agent%20for%20Linux%20GA%20v1.13.40-0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%20publication%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=16.0%3C%20OMI%20Version%201.6.8-1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=2.0.0%3C%20DSC%20Agent%20versions%3A%202.71.1.25%2C%202.70.0.30%2C%203.0.0.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.0%3C%20LAD%20v4.0.13%20and%20LAD%20v3.0.135%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20Privilege&color=brighgreen)

### Description

Open Management Infrastructure Elevation of Privilege Vulnerability

### POC

#### Reference
- http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/joshhighet/omi
- https://github.com/rcarboneras/OMIGOD-OMSAgentInfo
- https://github.com/sbiqbe/omigod-check
- https://github.com/wiz-sec-public/cloud-middleware-dataset
- https://github.com/wiz-sec/cloud-middleware-dataset