CVE-2021-38648
HIGH KEVMicrosoft OMI Management Interface Authentication Bypass
Title source: metasploitDescription
Open Management Infrastructure Elevation of Privilege Vulnerability
Exploits (1)
metasploit
WORKING POC
EXCELLENT
by Nir Ohfeld, Shir Tamari, Spencer McIntyre · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/cve_2021_38648_omigod.rb
References (3)
Scores
CVSS v3
7.8
EPSS
0.3179
EPSS Percentile
96.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV
2021-11-03
VulnCheck KEV
2021-09-17
InTheWild.io
2021-11-03
ENISA EUVD
EUVD-2021-25087
Status
published
Products (10)
microsoft/azure_automation_state_configuration
microsoft/azure_automation_update_management
microsoft/azure_diagnostics_\(lad\)
microsoft/azure_open_management_infrastructure
microsoft/azure_security_center
microsoft/azure_sentinel
microsoft/azure_stack_hub
microsoft/container_monitoring_solution
microsoft/log_analytics_agent
microsoft/system_center_operations_manager
Published
Sep 15, 2021
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026