CVE-2021-31581

HIGH NUCLEI

Akkadianlabs Ova Appliance < 3.0 - Improper Privilege Management

Title source: rule

Description

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).

Nuclei Templates (1)

Akkadian Provisioning Manager - Information Disclosure

MEDIUMby geeknik

References (1)

[Exploit, Third Party Advisory] https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/

Scores

CVSS v3 7.9

EPSS 0.0924

EPSS Percentile 92.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Details

CWE

CWE-269 CWE-312

Status published

Products (2)

akkadianlabs/ova_appliance < 3.0

akkadianlabs/provisioning_manager 3.0.0 - 3.3.0.314-4a349e0

Published Jul 22, 2021

Tracked Since Feb 18, 2026