The vulnerabilities, which are collectively referred to as “OMIGOD,” are found within OMI agents that are installed on Microsoft’s Azure Linux virtual machines (VMs) by default.

An unauthenticated, remote attacker can exploit the vulnerability (CVE-2021-38647) by sending a specially crafted request to a vulnerable host over a publicly accessible remote management port (ports 5986, 5985 and 1270). Successful exploitation would grant an attacker the ability to execute arbitrary code with root privileges on the vulnerable Linux VM. 

As a result, CVE-2021-38647 vulnerability is the most severe out of the four flaws encompassing OMIGOD. We have already reported this vulnerability in Risk Directive R15092021000105 dated 15th Sep 21.

CVE-2021-38645, CVE-2021-38648 and CVE-2021-38649 are three elevation of privilege vulnerabilities in OMI.

                                                                                                    Table 1: Vulnerability details 

OMI Overview:

Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. Several Azure Virtual Machine (VM) management extensions use this framework to orchestrate configuration management and log collection on Linux VMs.

                                                                                                     Table 2: Vulnerable versions