OMIGOD: Four Flaws in OMI Agent Leave Azure Linux VMs...

Question

OMIGOD: Four Flaws in OMI Agent Leave Azure Linux VMs Vulnerable to Simple ExploitationOn September 14, researchers at Wiz published a blog post detailing their discovery of four vulnerabilities in Open Management Infrastructure (OMI), an open source common information model (CIM) management server from Microsoft that is used to manage Unix and Linux systems.CVE-2021-38647CVE-2021-38648CVE-2021-38645CVE-2021-38649The researchers call these flaws “OMIGOD” due to the ease with which an attacker can exploit these flaws, especially CVE-2021-38647, an unauthenticated remote code execution flaw in OMI.Microsoft published advisories for all four flaws as part of its Patch Tuesday release. Since then, researchers have observed attempts to scan for and exploit CVE-2021-38647. The payloads being installed through these attacks include cryptocurrency miners and the Mirai botnet.For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

kbull · Answer

Are plugins available yet for these CVE's?

snarang · Answer

Hi @Keith Bull​,As mentioned in the post, details about product coverage can be found in the blog, specifically under the Identifying Affected Systems section. At the moment, our local detection plugin is available and a version check plugin is being pushed out today.

Vulnerability Watch

Forum Discussion

OMIGOD: Four Flaws in OMI Agent Leave Azure Linux VMs...

2 Replies

Recent Discussions

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)

Americas

Europe

Asia / Australia