Akkadian Provisioning Manager Engine (PME) Shell Escape via 'exec' command

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Akkadian Provisioning Manager操作系统命令注入漏洞

Akkadian Provisioning Manager是美国Akkadian公司的一种配置解决方案，用于更强大的供应自动化的新集成。 Akkadian Provisioning Manager Engine (PME)存在操作系统命令注入漏洞，该漏洞允许未经授权的攻击者可对受影响设备的根级shell访问。

N/A

N/A