Vulnerability Details CVE-2021-31581
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.156
EPSS Ranking 94.4%
CVSS Severity
CVSS v3 Score 7.9
CVSS v2 Score 2.1
References
Products affected by CVE-2021-31581
-
cpe:2.3:a:akkadianlabs:ova_appliance:-
-
cpe:2.3:a:akkadianlabs:provisioning_manager:3.0.0
-
cpe:2.3:a:akkadianlabs:provisioning_manager:4.0.0