On September 14, Wiz researchers disclosed a set of four vulnerabilities in Microsoft’s Open Management Infrastructure (OMI), an open source Common Information Model (CIM) management server used to manage Unix and Linux systems. These flaws were referred to as “OMIGOD” and are found within the OMI agents that are installed on Microsoft’s Azure Linux virtual machines by default. These agents can be found in various Azure-based services, including:

▸Azure automation

▸Azure configuration management

▸Azure Operations Management Pack

▸Azure Container Insights

▸Azure Diagnostics

▸Azure automatic update

▸Azure log analysis

The threat is real. Although the software called Open Management Infrastructure (OMI) is little known, it can be deployed automatically, without the customer's knowledge, when they configure a Linux virtual machine in the cloud. Unless a patch is applied, attackers can easily exploit all four OMIGOD vulnerabilities to escalate to root privileges and remotely execute malicious code.

The Wiz researchers describe the flaw as a “textbook RCE vulnerability” that one would expect to see in the 1990s, noting that it is highly unusual for one to emerge in 2021. “With a single packet, an attacker can become root on a remote machine simply by removing the authentication header. Any request without an authorization header has its default privileges uid = 0, gid = 0, which is root”.

At least 15,000 Azure servers remain exploitable, according to Horizon3.ai, a security company established in 2019 by veterans of the US defense forces. In addition, Microsoft confirms that all versions of Azure Linux OMI below v1.6.8-1 are vulnerable to this RCE vulnerability, but classifies CVE-2021-38647 as “less likely” to be exploited. Don’t be fooled: less likely is still a threat, there are 3 more vulnerabilities that can be easily exploited, and it is up to you to protect yourself against them.
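To act on the version threshold above, the following added example (not code from the article, Wiz or Microsoft) classifies OMI version strings from a fleet inventory against v1.6.8-1. The hostnames and version strings are constructed samples, and collecting the version string from each VM is assumed to happen elsewhere.

```python
import re

# First fixed release named in the article: anything below v1.6.8-1 is vulnerable.
FIXED = (1, 6, 8, 1)

def parse_omi_version(text):
    """Parse '1.6.8-1' or 'v1.6.8-1' into (1, 6, 8, 1); return None if malformed."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-.](\d+))?", text.strip())
    if m is None:
        return None
    # Assumption: a missing release suffix counts as 0, so a bare '1.6.8'
    # is treated as older than 1.6.8-1 (the conservative reading).
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def classify(version_text):
    """Return 'not-installed', 'unknown', 'vulnerable' or 'patched'."""
    if version_text is None or not version_text.strip():
        return "not-installed"
    version = parse_omi_version(version_text)
    if version is None:
        return "unknown"  # unparseable: flag for manual review, never assume safe
    # Tuples compare numerically, so 1.6.10 sorts above 1.6.8; comparing the
    # raw strings would wrongly place '1.6.10-2' below '1.6.8-1'.
    return "vulnerable" if version < FIXED else "patched"

def audit(inventory):
    """Return sorted (host, status) pairs for hosts that need attention."""
    findings = []
    for host in sorted(inventory):
        status = classify(inventory[host])
        if status in ("vulnerable", "unknown"):
            findings.append((host, status))
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "vm-web-01": "1.6.8-0",
    "vm-db-02": "1.6.8-1",
    "vm-batch-03": "1.6.10-2",
    "vm-log-04": "v1.6.4-1",
    "vm-old-05": "OMI-unknown",
    "vm-app-06": None,  # agent not present on this VM
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```
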
