Microsoft OMI Management Interface Authentication Bypass

Discussion in 'News Aggregator' started by Packet Storm, 11 Nov 2021.

  1. Packet Storm

    Packet Storm Guest

    This Metasploit module demonstrates that by removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 (released September 8th 2021).

    Continue reading...
     

Share This Page

Loading...