CVE-2021-31581

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:akkadianlabs:ova_appliance:*:*:*:*:*:*:*:*
cpe:2.3:a:akkadianlabs:provisioning_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:akkadianlabs:provisioning_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:05

Type Values Removed Values Added
CVSS v2 : 2.1
v3 : 4.4
v2 : 2.1
v3 : 7.9
References () https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/ - Exploit, Third Party Advisory () https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/ - Exploit, Third Party Advisory

04 Aug 2021, 01:57

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 2.1
v3 : 4.4
CWE CWE-312
CPE cpe:2.3:a:akkadianlabs:provisioning_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:akkadianlabs:ova_appliance:*:*:*:*:*:*:*:*
References (MISC) https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/ - (MISC) https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/ - Exploit, Third Party Advisory

22 Jul 2021, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-22 19:15

Updated : 2024-11-21 06:05


NVD link : CVE-2021-31581

Mitre link : CVE-2021-31581

CVE.ORG link : CVE-2021-31581


JSON object : View

Products Affected

akkadianlabs

  • ova_appliance
  • provisioning_manager
CWE
CWE-269

Improper Privilege Management

CWE-312

Cleartext Storage of Sensitive Information