high

Azure Open Management Infrastructure (OMI) Elevation of Privilege

Published Tue, Jun 14th, 2022

Platforms

Summary

Azure forces the install of an agent on Linux VMs, which contained a vulnerability that allowed privilege escalation (note that this vulnerability is different than OMIGOD, which also resided in the OMI agent).

Affected Services

Azure Automation, Azure Diagnostics, Azure HDInsight, Azure Stack Hub

Remediation

In some cases no manual action is required, but for most Azure services, customers must manually patch the OMI agent. See Microsoft's advisory (linked in references) for further details on how to update in each case.

Tracked CVEs

CVE-2022-29149

References

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29149

Contributed by https://github.com/korniko98

Entry Status

Finalized

Disclosure Date

Tue, Jun 14th, 2022

Exploitability Period

Known ITW Exploitation

Detection Methods

OMI version < 1.6.9.1

Piercing Index Rating

Discovered by

Microsoft

More vulnerabilities...

medium

Privilege escalation and file poisoning in Synapse Analytics

Tenable Research discovered a privilege escalation flaw that allows a user to escalate privileges to that of the root user within the context of a Spark VM. They also discovered a separate flaw th...

TenableJun 13, 2022

medium

GKE Authorized Networks bypass via Cloud Functions or Cloud Run

Executing Cloud Functions or Cloud Run in any project and in any organization allowed bypassing the GKE Authorized Networks (aka Kubernetes control plane firewalls) of a cluster in a different pro...

Peter CollinsJun 7, 2022

low

MWAA logs leak tokens and hostnames

Two API calls used by Amazon Managed Workflows for Apache Airflow (MWAA) to convert AWS IAM credentials into tokens that can be used to login to Airflow (CreateCliToken and CreateWebLoginToken) wer...

Ben Reser, VibesMay 31, 2022

View all