Security Advisory

CVE-2021-31581

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-07-22 18:27:19
Last updated 2024-08-03 23:03:33
Assigner rapid7
State PUBLISHED

Description

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the Edit MySQL Configuration command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).