CVE-2021-31581
HIGH NUCLEIAkkadianlabs Ova Appliance < 3.0 - Improper Privilege Management
Title source: ruleExploitation Summary
CVE-2021-31581 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
Nuclei Templates (1)
Akkadian Provisioning Manager - Information Disclosure
MEDIUMby geeknik
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/
Scores
CVSS v3
7.9
EPSS
0.0121
EPSS Percentile
64.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Details
CWE
CWE-269
CWE-312
Status
published
Products (2)
akkadianlabs/ova_appliance
< 3.0
akkadianlabs/provisioning_manager
3.0.0 - 3.3.0.314-4a349e0
Published
Jul 22, 2021
Tracked Since
Feb 18, 2026