CVE-2024-21330

Published: Mar 12, 2024Modified: Dec 27, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: secure@microsoft.com (Secondary)

Description

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Affected (9)

Products: Microsoft: Azure Automation, Azure Automation Update Management, Azure Security Center, Azure Sentinel, Container Monitoring Solution, Log Analytics Agent, Operations Management Suite Agent For Linux, System Center Operations Manager

8 products

Azure Automation

Azure Automation Update Management

Azure Security Center

Container Monitoring Solution

Log Analytics Agent

Operations Management Suite Agent For Linux

System Center Operations Manager

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Microsoft Azure Automation	All versions
Microsoft Azure Automation Update Management	All versions
Microsoft Azure Security Center	All versions
Microsoft Azure Sentinel	All versions
Microsoft Container Monitoring Solution	All versions
Microsoft Log Analytics Agent	All versions
Microsoft Operations Management Suite Agent For Linux	Before 1.8.1-0
Microsoft System Center Operations Manager	Version 2019
Microsoft System Center Operations Manager	Version 2022

Related CWEs

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330

Source: secure@microsoft.com

Vendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.