Cisco’s Akkadian Provisioning Manager has three high-severity security vulnerabilities that can be chained together to enable remote code execution (RCE) with elevated privileges. They remain unpatched, according to the researchers at Rapid7 who discovered them. The issues, all present in version 4.50.18 of the Akkad platform, are as follows: CVE-2021-31579: Use of hard-coded credentials (ranking 8.2 out of 10 on CVSS vulnerability scale) Combining these vulnerabilities will allow an unauthorized adversary to gain root-level shell access.
Source: https://threatpost.com/unpatched-bugs-provisioning-cisco-uc/166882/