The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
References
Link | Resource |
---|---|
https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: rapid7
Published: 2021-07-22T18:27:19
Updated: 2021-07-22T18:27:19
Reserved: 2021-04-22T00:00:00
Link: CVE-2021-31581
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-22T19:15:08.953
Modified: 2021-08-04T01:57:55.913
Link: CVE-2021-31581
JSON object: View
Redhat Information
No data.