Security News > 2021 > June > Unpatched Bugs Found Lurking in Provisioning Platform Used with Cisco UC
The Akkadian Provisioning Manager, which is used as a third-party provisioning tool within Cisco Unified Communications environments, has three high-severity security vulnerabilities that can be chained together to enable remote code execution with elevated privileges, researchers said.
Armed with these credentials, Rapid7 was then able to successfully bypass the restricted shell menu environment using CVE-2021-31580/81.
Rapid7 researchers identified that the restricted shell in use by the Akkadian Appliance Manager component was set to a default bash shell.
Rapid7 researchers further found that the restricted shell environment of the Akkadian Appliance Manager component could also be bypassed using the shipped version of "Vi," which is a popular terminal-based text editor.
Rapid7 researchers were then able to use local shell access in order to successfully validate the credentials and connect to the underlying MariaDB host listening locally.
Rapid7 disclosed the bugs to Akkadian in February, but despite multiple follow-ups, there's been no response, according to Rapid7.
News URL
https://threatpost.com/unpatched-bugs-provisioning-cisco-uc/166882/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-22 | CVE-2021-31580 | OS Command Injection vulnerability in Akkadianlabs OVA Appliance and Provisioning Manager The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. | 9.8 |