CVE-2021-31581
Akkadian Provisioning Manager Engine (PME) Shell Escape via 'vi' editor interface
Vexday Risk Score
36Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS 7.9EPSS 1.2%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
22 jul 2021Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Produtos afetados
Akkadian · Provisioning Manager Engine (PME)Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →