CVE-2021-31581
Description
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
NVD
Severity: MEDIUM
CVE ID: CVE-2021-31581
CVSS Score: 4.4
CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Rapid7, Inc.
Severity: HIGH
CVE ID: CVE-2021-31581
CVSS Score: 7.9
CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Proof Of Concept
Nuclei Templates for CVE-2021-31581
Refrence: Project Discovery GitHub