OMIGOD Azure

[D2]

The Wiz Research Team recently found four critical vulnerabilities in OMI, which is one of Azure's most ubiquitous yet least known software agents and is deployed on a large portion of Linux VMs in Azure. The vulnerabilities are very easy to exploit, allowing attackers to remotely execute arbitrary code within the network with a single request and escalate to root privileges.

• CVE-2021-38647 – Unauthenticated RCE as root
• CVE-2021-38648 – Privilege Escalation vulnerability
• CVE-2021-38645 – Privilege Escalation vulnerability
• CVE-2021-38649 – Privilege Escalation vulnerability

Many different services in Azure are affected, including Azure Log Analytics, Azure Diagnostics and Azure Security Center, as Microsoft uses OMI extensively behind the scenes as a common component for many of its management services for VMs.


Cloud no good maybe