CVE-2021-31581

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).

CVSS v3 7.9 HIGH
CVSS v2.0 2.1 LOW

7.9^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/	Exploit Third Party Advisory
https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:akkadianlabs:ova_appliance::::::::
	cpe:2.3:a:akkadianlabs:provisioning_manager::::::::
	cpe:2.3:a:akkadianlabs:provisioning_manager::::::::

History

21 Nov 2024, 06:05

Type	Values Removed	Values Added
References	~~() https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/ - Exploit, Third Party Advisory~~	() https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/ - Exploit, Third Party Advisory
CVSS	v2 : ~~2.1~~ v3 : ~~4.4~~	v2 : 2.1 v3 : 7.9

Information

Published : 2021-07-22 19:15

Updated : 2024-11-21 06:05

NVD link : CVE-2021-31581

Mitre link : CVE-2021-31581

CVE.ORG link : CVE-2021-31581

JSON object : View

Products Affected

akkadianlabs

provisioning_manager
ova_appliance

CWE

CWE-269

Improper Privilege Management

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2021-31581", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cve@rapid7.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2021-07-22T19:15:08.953", "references": [{"url": "https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@rapid7.com"}, {"url": "https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later)."}, {"lang": "es", "value": "El shell restringido proporcionado por Akkadian Provisioning Manager Engine (PME) puede ser escapado al abusar del comando \"Edit MySQL Configuration\". Este comando lanza una interfaz de editor vi est\u00e1ndar que puede entonces ser escapada. Este problema fue resuelto en Akkadian OVA appliance versiones 3.0 (y posteriores), Akkadian Provisioning Manager versiones 5.0.2 (y posteriores), and Akkadian Appliance Manager versiones 3.3.0.314-4a349e0 (y posteriores)"}], "lastModified": "2024-11-21T06:05:56.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:akkadianlabs:ova_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4827961D-5C4A-4C9E-BD22-65CA440071A6", "versionEndExcluding": "3.0"}, {"criteria": "cpe:2.3:a:akkadianlabs:provisioning_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "339F2068-073C-416D-B5E5-F1A468FE8904", "versionEndExcluding": "3.3.0.314-4a349e0", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:akkadianlabs:provisioning_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D08EC19B-0A36-4D9A-9894-FB41F8414CB6", "versionEndExcluding": "5.0.2", "versionStartIncluding": "4.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@rapid7.com"}