This Metasploit module demonstrates that, by removing the authentication exchange, an attacker can issue requests to the local OMI management socket that cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 (released September 8th, 2021).
421ae743686547f1ecd98e3086fa9370482e6a9646a5f30c18b32491b7848309
By removing the authentication header, an attacker can issue an HTTP request to the OMI management endpoint that causes it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 (released September 8th, 2021).
fdef0aef0e912b6be1749a8d91235a8ce5f95d8c64ee36efaa66917951a81206