CVE-2021-38647 (GCVE-0-2021-38647)
Vulnerability from cvelistv5 – Published: 2021-09-15 11:24 – Updated: 2025-10-21 23:25- Remote Code Execution
- CWE-noinfo Not enough information
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| http://packetstormsecurity.com/files/164694/Micro… | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Open Management Infrastructure |
Affected:
16.0 , < OMI Version 1.6.8-1
(custom)
cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:* |
|
| Microsoft | System Center Operations Manager (SCOM) |
Affected:
1.0.0 , < OMI version: 1.6.8-1
(custom)
cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:* |
|
| Microsoft | Azure Automation State Configuration, DSC Extension |
Affected:
2.0.0 , < DSC Agent versions: 2.71.1.25, 2.70.0.30, 3.0.0.3
(custom)
cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:* |
|
| Microsoft | Azure Automation Update Management |
Affected:
1.0.0 , < OMS Agent for Linux GA v1.13.40-0
(custom)
cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:* |
|
| Microsoft | Log Analytics Agent |
Affected:
1.0.0 , < OMS Agent for Linux GA v1.13.40-0
(custom)
cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:* |
|
| Microsoft | Azure Diagnostics (LAD) |
Affected:
3.0.0 , < LAD v4.0.13 and LAD v3.0.135
(custom)
cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:* |
|
| Microsoft | Container Monitoring Solution |
Affected:
1.0.0 , < publication
(custom)
cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:* |
|
| Microsoft | Azure Security Center |
Affected:
1.0.0 , < OMS Agent for Linux GA v1.13.40-0
(custom)
cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:* |
|
| Microsoft | Azure Sentinel |
Affected:
1.0.0 , < OMS Agent for Linux GA v1.13.40-0
(custom)
cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:* |
|
| Microsoft | Azure Stack Hub |
Affected:
1.0.0 , < Monitor, Update and Config Mgmnt 1.14.01
(custom)
Affected: 1.0.0 , < 3.1.135 (custom) cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:* |
CISA
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Timestamps
Scope
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-1390 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Open Management Infrastructure (OMI) |
| Due Date | 2021-11-17 |
| Date Added | 2021-11-03 |
| Vendorproject | Microsoft |
| Vulnerabilityname | Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability |
| Knownransomwarecampaignuse | Known |
References
Shadowserver
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Timestamps
Scope
Evidence
Type: Honeypot
Signal: In The Wild Attempts
Confidence: 70%
Source: shadowserver
Details
| 1D | 1 |
|---|---|
| Iot | no |
| Feed | Shadowserver Foundation honeypot/exploited-vulnerabilities |
| Type | http-scan |
| Class | device-management-platform |
| 7D Avg | 0 |
| Vendor | Microsoft |
| 30D Avg | 5 |
| 90D Avg | 2 |
| Product | Open Management Infrastructure (OMI) |
| Cisa Kev | yes |
| Connections | 1 |
| Observation Date | 2026-07-02 |
| Vulnerability Class | None |
| Vulnerability Score | None |
| Vulnerability Severity | None |
References
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Timestamps
Scope
Evidence
Type: Public Report
Signal: Confirmed Compromise
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | Open Management Infrastructure Remote Code Execution Vulnerability |
| Vendor | Microsoft |
| Product | Open Management Infrastructure, System Center Operations Manager (SCOM), Azure Automation State Configuration, DSC Extension, Azure Automation Update Management, Log Analytics Agent, Azure Diagnostics (LAD), Container Monitoring Solution, Azure Security Center, Azure Sentinel, Azure Stack Hub |
| Added Date | 2021-11-03T00:00:00.000Z |
| Cvss Score | 9.8 |
| Epss Score | None |
| Cvss Severity | CRITICAL |
| Epss Percentile | None |
| Used In Malware | yes |
| Ahead Of Cisa Kev | None |
| Not Yet In Cisa Kev | False |
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:18.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38647",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:45:47.017000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38647"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:33.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38647"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00.000Z",
"value": "CVE-2021-38647 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Open Management Infrastructure",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMI Version 1.6.8-1",
"status": "affected",
"version": "16.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "System Center Operations Manager (SCOM)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMI version: 1.6.8-1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Automation State Configuration, DSC Extension",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "DSC Agent versions: 2.71.1.25, 2.70.0.30, 3.0.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Automation Update Management",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Log Analytics Agent",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Diagnostics (LAD)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "LAD v4.0.13 and LAD v3.0.135",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Container Monitoring Solution",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Security Center",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Sentinel",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Monitor, Update and Config Mgmnt 1.14.01",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
},
{
"lessThan": "3.1.135",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-14T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Open Management Infrastructure Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T19:37:20.007Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html"
}
],
"title": "Open Management Infrastructure Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-38647",
"datePublished": "2021-09-15T11:24:07.000Z",
"dateReserved": "2021-08-13T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:33.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2021-38647",
"cwes": "[\"CWE-1390\"]",
"dateAdded": "2021-11-03",
"dueDate": "2021-11-17",
"knownRansomwareCampaignUse": "Known",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-38647",
"product": "Open Management Infrastructure (OMI)",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.",
"vendorProject": "Microsoft",
"vulnerabilityName": "Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability"
},
"epss": {
"cve": "CVE-2021-38647",
"date": "2026-07-03",
"epss": "0.99723",
"percentile": "0.99952"
},
"fkie_nvd": {
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEC617A6-F1BC-44DE-A9BB-BECF2E788B0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23A8B342-E863-4C71-9CE1-FB325FF34829\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:azure_diagnostics_\\\\(lad\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37AC51D6-F6F3-45D8-91E7-6EDD01C0273E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:azure_open_management_infrastructure:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8477F336-71BB-4C49-A4EB-E1BC1EFF2F49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:azure_security_center:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA1626DA-5B19-4291-B840-633EF458984C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:azure_sentinel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B80F8C3B-BEF9-43D5-9455-6C6F608CF519\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:azure_stack_hub:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B457DA44-AD83-4E5C-B180-8A227462EC60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68A461E8-C834-4F97-98E3-516A191A3BAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDAE892B-324C-45E3-BFA0-C2B7B6939F54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79983385-D5FE-4F76-924C-A2AA7E5BAAE8\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Open Management Infrastructure Remote Code Execution Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Una Vulnerabilidad de Ejecuci\\u00f3n de C\\u00f3digo Remota de Open Management Infrastructure\"}]",
"id": "CVE-2021-38647",
"lastModified": "2024-11-21T06:17:48.663",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-09-15T12:15:15.090",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-38647\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2021-09-15T12:15:15.090\",\"lastModified\":\"2025-10-30T19:13:53.830\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Open Management Infrastructure Remote Code Execution Vulnerability\"},{\"lang\":\"es\",\"value\":\"Una Vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota de Open Management Infrastructure\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-11-17\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC617A6-F1BC-44DE-A9BB-BECF2E788B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23A8B342-E863-4C71-9CE1-FB325FF34829\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_diagnostics_\\\\(lad\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37AC51D6-F6F3-45D8-91E7-6EDD01C0273E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_open_management_infrastructure:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8477F336-71BB-4C49-A4EB-E1BC1EFF2F49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_security_center:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA1626DA-5B19-4291-B840-633EF458984C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_sentinel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B80F8C3B-BEF9-43D5-9455-6C6F608CF519\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_stack_hub:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B457DA44-AD83-4E5C-B180-8A227462EC60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68A461E8-C834-4F97-98E3-516A191A3BAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDAE892B-324C-45E3-BFA0-C2B7B6939F54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79983385-D5FE-4F76-924C-A2AA7E5BAAE8\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38647\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T01:51:18.937Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-38647\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T14:45:47.017000Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38647\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00.000Z\", \"value\": \"CVE-2021-38647 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38647\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T14:45:35.962Z\"}}], \"cna\": {\"title\": \"Open Management Infrastructure Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Open Management Infrastructure\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0\", \"lessThan\": \"OMI Version 1.6.8-1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"System Center Operations Manager (SCOM)\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"OMI version: 1.6.8-1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Azure Automation State Configuration, DSC Extension\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\", \"lessThan\": \"DSC Agent versions: 2.71.1.25, 2.70.0.30, 3.0.0.3\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Azure Automation Update Management\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"OMS Agent for Linux GA v1.13.40-0\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Log Analytics Agent\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"OMS Agent for Linux GA v1.13.40-0\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Azure Diagnostics (LAD)\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"LAD v4.0.13 and LAD v3.0.135\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Container Monitoring Solution\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Azure Security Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"OMS Agent for Linux GA v1.13.40-0\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Azure Sentinel\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"OMS Agent for Linux GA v1.13.40-0\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"cpes\": [\"cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Azure Stack Hub\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"Monitor, Update and Config Mgmnt 1.14.01\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"3.1.135\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}], \"datePublic\": \"2021-09-14T07:00:00.000Z\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Open Management Infrastructure Remote Code Execution Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"Impact\", \"description\": \"Remote Code Execution\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2023-12-28T19:37:20.007Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-38647\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:25:33.144Z\", \"dateReserved\": \"2021-08-13T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2021-09-15T11:24:07.000Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.