
CVE-2021-38648

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 15 September 2021
Modified: 30 October 2025
KEV Added: 03 November 2021
Patch: available (see Microsoft security guidance)
CVSS Score: v3.1 7.8 (High), vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.3822 (97.3rd percentile)
Risk Priority: 59 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-38648 is a high-severity elevation of privilege vulnerability in the Open Management Infrastructure (OMI) agent that Microsoft bundles with Azure Automation State Configuration and a number of other Azure management extensions. No CWE has been specified for it. Its CVSS v3.1 base score is 7.8 (High).

Operationally, it ranks in the top 2.7% of all CVEs by EPSS exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2021-38648 is an elevation of privilege vulnerability in the Open Management Infrastructure (OMI) component, the Linux management agent that Microsoft ships inside many Azure VM extensions. It carries a CVSS 3.1 base score of 7.8: attack vector Local (AV:L), low attack complexity, low privileges required, no user interaction, and high impact to confidentiality, integrity, and availability under an unchanged scope.

A local attacker who already holds low-privileged access on an affected host can exploit the flaw to bypass the authentication checks of the OMI management interface and obtain full administrative privileges. Because the OMI server process runs as root, this amounts to root-level code execution and complete compromise of the host.

Microsoft's security guidance, referenced in the advisory, provides the official remediation steps and patched OMI packages. The vulnerability is also tracked in the CISA Known Exploited Vulnerabilities catalog, which confirms observed in-the-wild exploitation.


Vulnerability details

Open Management Infrastructure Elevation of Privilege Vulnerability

CWE(s): not specified

Related Threats

No named threat actor has been attributed. ATT&CK technique mapping for this CVE is in progress.

Affected Assets (vendor: Microsoft; each product bundles the vulnerable OMI agent)

Microsoft: Azure Automation State Configuration, all versions
Microsoft: Azure Automation Update Management, all versions
Microsoft: Azure Diagnostics (LAD), all versions
Microsoft: Azure Open Management Infrastructure, all versions
Microsoft: Azure Security Center, all versions
Microsoft: Azure Sentinel, all versions
Microsoft: Azure Stack Hub, all versions
Microsoft: Container Monitoring Solution, all versions
Microsoft: Log Analytics Agent, all versions
Microsoft: System Center Operations Manager, all versions
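Every product in the list above ships OMI as an ordinary Linux package, so what decides whether a VM is still exposed is the OMI version actually installed, not the name of the Azure extension. The POSIX shell script below is an added example and is not part of this advisory or of Microsoft's tooling. It assumes that the first fixed OMI release is 1.6.8-1 (packaged as 1.6.8.1 on Debian-based systems; confirm the threshold against Microsoft's advisory), reads the installed version from dpkg, rpm, or the output of /opt/omi/bin/omiserver -v (whose exact format is assumed), and compares it numerically. The helper names and the file name omi_check.sh are the example's own.

```shell
#!/bin/sh
# omi_check.sh - added example: report whether the OMI agent on this Linux host
# predates the OMIGOD fix. Not part of the advisory or of Microsoft's tooling.
# Assumption: the first fixed OMI release is 1.6.8-1 (written 1.6.8.1 in the
# Debian package); verify this threshold against the Microsoft advisory.
FIXED_OMI_VERSION="1.6.8.1"

# Normalize the forms the version string appears in:
#   "OMI-1.6.8-1" (omiserver -v), "1.6.8-1" (rpm VERSION-RELEASE), "1.6.8.1" (deb)
normalize_omi_version() {
    printf '%s\n' "$1" | sed -e 's/^OMI-//' -e 's/-/./g'
}

# version_lt A B: succeed (exit 0) when dotted version A is numerically below B.
# Missing trailing components count as 0; non-digits in a component are ignored.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        if [ "$a" = "$x" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$y" ]; then b=""; else b="${b#*.}"; fi
        x="$(printf '%s' "$x" | tr -cd '0-9')"; x="${x:-0}"
        y="$(printf '%s' "$y" | tr -cd '0-9')"; y="${y:-0}"
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # versions are equal
}

# omi_is_vulnerable VERSION: succeed when VERSION is older than the fixed release.
omi_is_vulnerable() {
    version_lt "$(normalize_omi_version "$1")" "$FIXED_OMI_VERSION"
}

# installed_omi_version: print the installed OMI version, trying the package
# manager first and falling back to the server binary. Fails if OMI is absent.
# The "omiserver -v" output format is an assumption; the grep accepts either
# "OMI-1.6.8-1" or a bare "1.6.8-1" token.
installed_omi_version() {
    if command -v dpkg-query >/dev/null 2>&1 && \
       dpkg-query -W -f='${Version}\n' omi 2>/dev/null; then
        return 0
    fi
    if command -v rpm >/dev/null 2>&1 && \
       rpm -q --qf '%{VERSION}-%{RELEASE}\n' omi 2>/dev/null; then
        return 0
    fi
    if [ -x /opt/omi/bin/omiserver ]; then
        /opt/omi/bin/omiserver -v 2>&1 \
            | grep -o -E '(OMI-)?[0-9]+(\.[0-9]+)+(-[0-9]+)?' | head -n 1
        return 0
    fi
    return 1
}

main() {
    ver="$(installed_omi_version)" || { echo "OMI is not installed on this host"; return 0; }
    if [ -z "$ver" ]; then
        echo "OMI is present but its version could not be determined"; return 2
    fi
    if omi_is_vulnerable "$ver"; then
        echo "VULNERABLE: OMI $ver is older than $FIXED_OMI_VERSION (CVE-2021-38648); update OMI or the Azure extension that bundles it"
        return 1
    fi
    echo "OK: OMI $ver is at or above $FIXED_OMI_VERSION"
}

# Only run the host check when executed as omi_check.sh, so the functions can
# also be sourced from other scripts.
case "$0" in *omi_check.sh) main "$@" ;; esac
```

Run it as `sh omi_check.sh` on each VM that carries one of the listed extensions; a non-zero exit marks a host that still needs the OMI update. The version comparison is done field by field rather than with string comparison so that, for example, 1.6.10 is correctly treated as newer than 1.6.8.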

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent): Directly enforces the authentication and authorization checks that the OMI flaw bypasses to allow local privilege escalation.

IA-2 Identification and Authentication (Organizational Users) (prevent): Requires identification and authentication of organizational users before granting access to the OMI management interface.

Least privilege (prevent): Limits the privileges assigned to local accounts so that even a successful bypass yields only the minimum necessary rights.
