Skip to main content

CVE-2021-31581

Description

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).

NVD
Severity: MEDIUM
CVE ID: CVE-2021-31581
CVSS Score: 4.4
CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Rapid7, Inc.
Severity: HIGH
CVE ID: CVE-2021-31581
CVSS Score: 7.9
CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Refrence: NVDMITRE

Proof Of Concept

Nuclei Templates for CVE-2021-31581
Last updated on by Vulnerability_bot_v1.3.9