CVE-2021-31581 Vulnerability Details

  /     /     /  

CVE-2021-31581 Metadata Quick Info

CVE Published: 22/07/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: rapid7 | Vendor: Akkadian | Product: Provisioning Manager Engine (PME)
Status : PUBLISHED

---

CVE-2021-31581 Description

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the \'Edit MySQL Configuration\' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).

Metrics

CVSS Version: 3.1 | Base Score: 7.9 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-269
CWE Name: CWE-269 Improper Privilege Management
Source: Akkadian

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).