CVE-2021-31581
published 2021-07-22

Priority: P4 · 25 · medium · 4.4 CVSS 3.1
AV:L / AC:L / PR:H / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 1.22% (64.8th percentile)

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).

Affected

4 ranges
Vendor | Product | Version range | Fixed in
akkadian | provisioning_manager_engine | 4.50.18 – 4.50.18 |
akkadianlabs | ova_appliance | < 3.0 | 3.0
akkadianlabs | provisioning_manager | >= 3.0.0 < 3.3.0.314-4a349e0 | 3.3.0.314-4a349e0
akkadianlabs | provisioning_manager | >= 4.0.0 < 5.0.2 | 5.0.2

CVSS provenance

nvd | v3.1 | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N