漏洞标题
通过'exec'命令利用Akkadian Provisioning Manager Engine(PME)外壳逃逸
漏洞描述信息
通过'exec'命令利用Akkadian Provisioning Manager Engine (PME)壳逃逸
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Akkadian Provisioning Manager Engine (PME) Shell Escape via 'exec' command
漏洞描述信息
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
漏洞类别
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
漏洞标题
Akkadian Provisioning Manager操作系统命令注入漏洞
漏洞描述信息
Akkadian Provisioning Manager是美国Akkadian公司的一种配置解决方案,用于更强大的供应自动化的新集成。 Akkadian Provisioning Manager Engine (PME)存在操作系统命令注入漏洞,该漏洞允许未经授权的攻击者可对受影响设备的根级shell访问。
CVSS信息
N/A
漏洞类别
授权问题