critical

OMIGOD

Published Tue, Jun 1st, 2021
Platforms

Summary

Azure forces the installation of an agent on Linux VMs. The agent contained a vulnerability that would grant remote code execution as root to an attacker who could send a web request to an affected VM. Initially, Microsoft did not update the agent automatically, so customers had to patch manually, but a few days later Microsoft began patching some services remotely.

Affected Services

OMI

Remediation

None required; the client needed to be auto-updated.

Tracked CVEs

CVE-2021-38647, CVE-2021-38648, CVE-2021-38645, CVE-2021-38649

References

Disclosure Date
Tue, Sep 14th, 2021
Exploitability Period
-
Known ITW Exploitation
true
Detection Methods
OMI version < 1.6.8.1
Discovered by
Nir Ohfeld, Wiz