CVE-2021-31581

HIGH

7.9

Description

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).

Details CVE

Score CVSS v3.17.9

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisHIGH

Interaction utilisateurNONE

Publie7/22/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

akkadianlabs:ova_applianceakkadianlabs:provisioning_manager

Faiblesses (CWE)

CWE-269CWE-312

References

https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/(cve@rapid7.com)

https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.