cvelist/2021/31xxx/CVE-2021-31581.json

{
    "CVE_data_meta": {
        "ASSIGNER": "cve@rapid7.com",
        "ID": "CVE-2021-31581",
        "STATE": "PUBLIC",
        "TITLE": "Akkadian Provisioning Manager Engine (PME) Shell Escape via 'vi' editor interface"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Provisioning Manager Engine (PME)",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "4.50.18",
                                            "version_value": "4.50.18"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Akkadian"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Cale Black, Ryan Villarreal, and Jonathan Peterson of Rapid7"
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later)."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-269 Improper Privilege Management"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/",
                "refsource": "MISC",
                "url": "https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/"
            }
        ]
    },
    "source": {
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2021-04-22 20:00:45 +00:00			`{`
			`"CVE_data_meta": {`
Add CVEs for Akkadian 2021-07-22 11:15:33 -05:00			`"ASSIGNER": "cve@rapid7.com",`
"-Synchronized-Data." 2021-04-22 20:00:45 +00:00			`"ID": "CVE-2021-31581",`
Add CVEs for Akkadian 2021-07-22 11:15:33 -05:00			`"STATE": "PUBLIC",`
			`"TITLE": "Akkadian Provisioning Manager Engine (PME) Shell Escape via 'vi' editor interface"`
"-Synchronized-Data." 2021-04-22 20:00:45 +00:00			`},`
Add CVEs for Akkadian 2021-07-22 11:15:33 -05:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Provisioning Manager Engine (PME)",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "4.50.18",`
			`"version_value": "4.50.18"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Akkadian"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Cale Black, Ryan Villarreal, and Jonathan Peterson of Rapid7"`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2021-04-22 20:00:45 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2021-07-22 19:00:59 +00:00			`"value": "The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later)."`
Add CVEs for Akkadian 2021-07-22 11:15:33 -05:00			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "LOCAL",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 7.9,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "HIGH",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-269 Improper Privilege Management"`
			`}`
			`]`
"-Synchronized-Data." 2021-04-22 20:00:45 +00:00			`}`
			`]`
Add CVEs for Akkadian 2021-07-22 11:15:33 -05:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/",`
			`"refsource": "MISC",`
			`"url": "https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/"`
			`}`
			`]`
			`},`
			`"source": {`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2021-04-22 20:00:45 +00:00			`}`
			`}`