Vulnerability Description
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
CVSS Score
7.9 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Akkadianlabs | Ova Appliance | < 3.0 |
| Akkadianlabs | Provisioning Manager | >= 3.0.0, < 3.3.0.314-4a349e0 |
Related Weaknesses (CWE)
References
- https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multip (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-31581?
CVE-2021-31581 is a vulnerability with a CVSS score of 7.9 (HIGH). The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which...
How severe is CVE-2021-31581?
CVE-2021-31581 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-31581?
Check the references section above for vendor advisories and patch information. Affected products include: Akkadianlabs Ova Appliance, Akkadianlabs Provisioning Manager.