Vulnerability Details CVE-2021-31580
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.5%
CVSS Severity
CVSS v3 Score 8.7
CVSS v2 Score 10.0
References
Products affected by CVE-2021-31580
-
cpe:2.3:a:akkadianlabs:ova_appliance:-
-
cpe:2.3:a:akkadianlabs:provisioning_manager:3.0.0
-
cpe:2.3:a:akkadianlabs:provisioning_manager:4.0.0