msrc_cve-2024-21330
Vulnerability from csaf_microsoft
Published
2024-03-12 07:00
Modified
2024-04-09 07:00
Summary
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action
Required. The vulnerability documented by this CVE requires customer action to resolve.
{
"document": {
"acknowledgments": [
{
"names": [
"Wei in Kunlun Lab with \u003ca href=\"https://www.cyberkl.com/\"\u003eCyber KunLun\u003c/a\u003e"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21330 Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330"
},
{
"category": "self",
"summary": "CVE-2024-21330 Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/2024/msrc_cve-2024-21330.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability",
"tracking": {
"current_release_date": "2024-04-09T07:00:00.000Z",
"generator": {
"date": "2024-12-31T20:19:05.769Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-21330",
"initial_release_date": "2024-03-12T07:00:00.000Z",
"revision_history": [
{
"date": "2024-03-12T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-04-09T07:00:00.000Z",
"legacy_version": "2",
"number": "2",
"summary": "In the Security Updates table, added Azure HDInsights because this product is also affected by this vulnerability. Microsoft strongly recommends that customers running Azure HDInsights install the updates to be fully protected from the vulnerability."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.19.1253.0",
"product": {
"name": "System Center Operations Manager (SCOM) 2019 \u003c10.19.1253.0",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "10.19.1253.0",
"product": {
"name": "System Center Operations Manager (SCOM) 2019 10.19.1253.0",
"product_id": "12057"
}
}
],
"category": "product_name",
"name": "System Center Operations Manager (SCOM) 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.22.1070.0",
"product": {
"name": "System Center Operations Manager (SCOM) 2022 \u003c10.22.1070.0",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "10.22.1070.0",
"product": {
"name": "System Center Operations Manager (SCOM) 2022 10.22.1070.0",
"product_id": "12058"
}
}
],
"category": "product_name",
"name": "System Center Operations Manager (SCOM) 2022"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cOMS Agent for Linux GA 1.19.0",
"product": {
"name": "Azure Automation \u003cOMS Agent for Linux GA 1.19.0",
"product_id": "11"
}
},
{
"category": "product_version",
"name": "OMS Agent for Linux GA 1.19.0",
"product": {
"name": "Azure Automation OMS Agent for Linux GA 1.19.0",
"product_id": "11656"
}
}
],
"category": "product_name",
"name": "Azure Automation"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cOMS Agent for Linux GA v1.19.0",
"product": {
"name": "Azure Automation Update Management \u003cOMS Agent for Linux GA v1.19.0",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "OMS Agent for Linux GA v1.19.0",
"product": {
"name": "Azure Automation Update Management OMS Agent for Linux GA v1.19.0",
"product_id": "11944"
}
}
],
"category": "product_name",
"name": "Azure Automation Update Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cOMS Agent for Linux GA v1.19.0",
"product": {
"name": "Azure Sentinel \u003cOMS Agent for Linux GA v1.19.0",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "OMS Agent for Linux GA v1.19.0",
"product": {
"name": "Azure Sentinel OMS Agent for Linux GA v1.19.0",
"product_id": "11949"
}
}
],
"category": "product_name",
"name": "Azure Sentinel"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cmicrosoft-oms-latest with full ID: sha256:855bfeb0",
"product": {
"name": "Container Monitoring Solution \u003cmicrosoft-oms-latest with full ID: sha256:855bfeb0",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "microsoft-oms-latest with full ID: sha256:855bfeb0",
"product": {
"name": "Container Monitoring Solution microsoft-oms-latest with full ID: sha256:855bfeb0",
"product_id": "11947"
}
}
],
"category": "product_name",
"name": "Container Monitoring Solution"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003comi-1.8.1-0",
"product": {
"name": "Azure HDInsight \u003comi-1.8.1-0",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "omi-1.8.1-0",
"product": {
"name": "Azure HDInsight omi-1.8.1-0",
"product_id": "11987"
}
}
],
"category": "product_name",
"name": "Azure HDInsight"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cOMI version 1.8.1-0",
"product": {
"name": "Open Management Infrastructure \u003cOMI version 1.8.1-0",
"product_id": "10"
}
},
{
"category": "product_version",
"name": "OMI version 1.8.1-0",
"product": {
"name": "Open Management Infrastructure OMI version 1.8.1-0",
"product_id": "11933"
}
}
],
"category": "product_name",
"name": "Open Management Infrastructure"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.8.1-0",
"product": {
"name": "Operations Management Suite Agent for Linux (OMS) \u003c1.8.1-0",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "1.8.1-0",
"product": {
"name": "Operations Management Suite Agent for Linux (OMS) 1.8.1-0",
"product_id": "12295"
}
}
],
"category": "product_name",
"name": "Operations Management Suite Agent for Linux (OMS)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cOMS Agent for Linux GA 1.19.0",
"product": {
"name": "Azure Security Center \u003cOMS Agent for Linux GA 1.19.0",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "OMS Agent for Linux GA 1.19.0",
"product": {
"name": "Azure Security Center OMS Agent for Linux GA 1.19.0",
"product_id": "11948"
}
}
],
"category": "product_name",
"name": "Azure Security Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cOMS Agent for Linux GA v1.19.0",
"product": {
"name": "Log Analytics Agent \u003cOMS Agent for Linux GA v1.19.0",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "OMS Agent for Linux GA v1.19.0",
"product": {
"name": "Log Analytics Agent OMS Agent for Linux GA v1.19.0",
"product_id": "11945"
}
}
],
"category": "product_name",
"name": "Log Analytics Agent"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21330",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "Successful exploitation of this vulnerability will locally elevate the attacker\u0027s privileges to communicate as Root with OMI server.",
"title": "What privileges could be gained by an attacker who successfully exploited this vulnerability?"
},
{
"category": "faq",
"text": "Successful exploitation of this vulnerability requires an attacker be an authenticated user on the resource to access the necessary socket files to control the OMI service.",
"title": "According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?"
},
{
"category": "faq",
"text": "Customers running affected versions of SCOM (System Center Operations Manager) should update to OMI version 1.8.1-0.",
"title": "What actions do I need to take to be protected from this vulnerability?"
},
{
"category": "faq",
"text": "Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. SCOM uses this framework to orchestrate configuration management and log collection on Linux VMs.\nMore information can be found here: GitHub - Open Management Infrastructure.",
"title": "What is OMI?"
},
{
"category": "faq",
"text": "The following table lists the affected services and the required customer action to protect against this vulnerability.\nOMI as standalone package: OMI as standalone package, OMI version v1.8.1-0: OMI version v1.8.1-0, Manually download the update here: Manually download the update here, System Center Operations Manager (SCOM) Management Pack for UNIX and Linux Operating Systems: System Center Operations Manager (SCOM) Management Pack for UNIX and Linux Operating Systems, Management Pack for SCOM 2019: 10.19.1253.0: Management Pack for SCOM 2019: 10.19.1253.0, Manually download and update the applicable management packs: \u202f2019, or\u202f2022.: Manually download and update the applicable management packs: \u202f2019, or\u202f2022., : , Management Pack for SCOM 2022: 10.22.1070.0: Management Pack for SCOM 2022: 10.22.1070.0, : , Log Analytics Agent: Log Analytics Agent, OMS Agent for Linux GA v1.19.0: OMS Agent for Linux GA v1.19.0, Manually download and update the OMS shell bundle using instructions here OR through Azure Powershell or Azure CLI using the instructions here.: Manually download and update the OMS shell bundle using instructions here OR through Azure Powershell or Azure CLI using the instructions here., Azure Security Center: Azure Security Center, OMS Agent for Linux GA v1.19.0: OMS Agent for Linux GA v1.19.0, Manually download and update the OMS shell bundle using instructions here OR through Azure Powershell or Azure CLI using the instructions here.: Manually download and update the OMS shell bundle using instructions here OR through Azure Powershell or Azure CLI using the instructions here., Container Monitoring Solution: Container Monitoring Solution, Image tag: microsoft-oms-latest with full ID: sha256:855bfeb0599e1e1d954ab8660808cc24bb190a4447818cd3fa8ad89bdad88df4: Image tag: microsoft-oms-latest with full ID: sha256:855bfeb0599e1e1d954ab8660808cc24bb190a4447818cd3fa8ad89bdad88df4, Manually update the OMS-docker image using instructions here.: Manually update the OMS-docker image using instructions here., Azure Sentinel: Azure Sentinel, OMS Agent for Linux GA v1.19.0: OMS Agent for Linux GA v1.19.0, Manually download and update the OMS shell bundle using instructions here OR through Azure Powershell or Azure CLI using the instructions here.: Manually download and update the OMS shell bundle using instructions here OR through Azure Powershell or Azure CLI using the instructions here., Azure Automation: Azure Automation, OMS Agent for Linux GA v1.19.0: OMS Agent for Linux GA v1.19.0, Manually download and update the OMS shell bundle using instructions here OR through Azure Powershell or Azure CLI using the instructions here.: Manually download and update the OMS shell bundle using instructions here OR through Azure Powershell or Azure CLI using the instructions here., Azure Automation Update Management: Azure Automation Update Management, OMS Agent for Linux GA v1.19.0: OMS Agent for Linux GA v1.19.0, Manually download and update the OMS shell bundle using instructions here OR through Azure Powershell or Azure CLI using the instructions here.: Manually download and update the OMS shell bundle using instructions here OR through Azure Powershell or Azure CLI using the instructions here.",
"title": "What products are affected by this vulnerability and how can I protect myself?"
}
],
"product_status": {
"fixed": [
"11656",
"11933",
"11944",
"11945",
"11947",
"11948",
"11949",
"11987",
"12057",
"12058",
"12295"
],
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21330 Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330"
},
{
"category": "self",
"summary": "CVE-2024-21330 Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-12T07:00:00.000Z",
"details": "10.19.1253.0:Security Update:https://www.microsoft.com/en-us/download/details.aspx?id=58208",
"product_ids": [
"3"
],
"url": "https://www.microsoft.com/en-us/download/details.aspx?id=58208"
},
{
"category": "vendor_fix",
"date": "2024-03-12T07:00:00.000Z",
"details": "10.22.1070.0:Security Update:https://www.microsoft.com/en-in/download/details.aspx?id=104213",
"product_ids": [
"2"
],
"url": "https://www.microsoft.com/en-in/download/details.aspx?id=104213"
},
{
"category": "vendor_fix",
"date": "2024-03-12T07:00:00.000Z",
"details": "OMS Agent for Linux GA 1.19.0:Security Update:https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux#azure-cli-deployment",
"product_ids": [
"11",
"6"
],
"url": "https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux#azure-cli-deployment"
},
{
"category": "vendor_fix",
"date": "2024-03-12T07:00:00.000Z",
"details": "OMS Agent for Linux GA v1.19.0:Security Update:https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux#azure-cli-deployment",
"product_ids": [
"9",
"5"
],
"url": "https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/oms-linux#azure-cli-deployment"
},
{
"category": "vendor_fix",
"date": "2024-03-12T07:00:00.000Z",
"details": "microsoft-oms-latest with full ID: sha256:855bfeb0:Security Update:https://github.com/microsoft/containerregistry",
"product_ids": [
"7"
],
"url": "https://github.com/microsoft/containerregistry"
},
{
"category": "vendor_fix",
"date": "2024-03-12T07:00:00.000Z",
"details": "omi-1.8.1-0:Security Update:https://learn.microsoft.com/en-us/azure/hdinsight/hdinsight-release-notes",
"product_ids": [
"4"
],
"url": "https://learn.microsoft.com/en-us/azure/hdinsight/hdinsight-release-notes"
},
{
"category": "vendor_fix",
"date": "2024-03-12T07:00:00.000Z",
"details": "OMI version 1.8.1-0:Security Update:https://github.com/microsoft/omi",
"product_ids": [
"10"
],
"url": "https://github.com/microsoft/omi"
},
{
"category": "vendor_fix",
"date": "2024-03-12T07:00:00.000Z",
"details": "1.8.1-0:Security Update:https://github.com/microsoft/OMS-Agent-for-Linux",
"product_ids": [
"1"
],
"url": "https://github.com/microsoft/OMS-Agent-for-Linux"
},
{
"category": "vendor_fix",
"date": "2024-03-12T07:00:00.000Z",
"details": "OMS Agent for Linux GA v1.19.0:Security Update:https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview#azure-cli-deployment",
"product_ids": [
"8"
],
"url": "https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview#azure-cli-deployment"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"threats": [
{
"category": "impact",
"details": "Elevation of Privilege"
},
{
"category": "exploit_status",
"details": "Exploited:No;Latest Software Release:Exploitation Less Likely"
}
],
"title": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.