CVE-2021-31581
Published 2021-07-22
Priority: P4, 25. Severity: medium, 4.4 (CVSS 3.1)
AV:L / AC:L / PR:H / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 1.22% (64.8th percentile)
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| akkadian | provisioning_manager_engine | 4.50.18 – 4.50.18 | — |
| akkadianlabs | ova_appliance | < 3.0 | 3.0 |
| akkadianlabs | provisioning_manager | >= 3.0.0 < 3.3.0.314-4a349e0 | 3.3.0.314-4a349e0 |
| akkadianlabs | provisioning_manager | >= 4.0.0 < 5.0.2 | 5.0.2 |
CVSS provenance
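| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |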
No detection rules found.
Nuclei
Akkadian Provisioning Manager - Information Disclosure
nuclei·CVSS 4.4
Akkadian Provisioning Manager is susceptible to information disclosure. The restricted shell provided can be escaped by abusing the Edit MySQL Configuration command. This command launches a standard VI editor interface which can then be escaped.
Template:
```yaml
id: CVE-2021-31581

info:
  name: Akkadian Provisioning Manager - Information Disclosure
  author: geeknik
  severity: medium
  description: Akkadian Provisioning Manager is susceptible to information disclosure. The restricted shell provided can be escaped by abusing the Edit MySQL Configuration command. This command launches a standard VI editor interface which can then be escaped.
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as user credenti
```
No writeups or analysis indexed.