There is a 9.6 VPR raiting vulnerability which is affecting Linux server’s in environment.
I am looking to find out if fixlet to address this vulnerability will be uploaded to Bigfix or we need to create a Custom fixlet for same to fix this issue.
The version of Azure Open Management Intfrastructure installed on the remote host is prior to 188.8.131.52. It is, therefore, affected by multiple vulnerabilities:
- A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647)
- Multiple privilege escalation vulnerabilities exists in the OMI agent. An unauthenticated, remote attacker can exploit this, to gain priviledged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
Upgrade to Azure Open Management Infrastructure version 184.108.40.206 or later.