CVE-2016-2786
Published Jun 10, 2016
Last updated 3 years ago
Overview
- Description
- The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:puppet:puppet_agent:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EB387B5-667B-4CA8-BAFC-465F2E4A9485" },
          { "criteria": "cpe:2.3:a:puppet:puppet_agent:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E61A7AF3-5B7E-44BA-BD59-6C392505748D" },
          { "criteria": "cpe:2.3:a:puppet:puppet_agent:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48949FBD-A81F-4CFB-806F-A845A41656E3" },
          { "criteria": "cpe:2.3:a:puppet:puppet_agent:1.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C992FC14-21DB-4E3B-AA51-F15383A55C73" },
          { "criteria": "cpe:2.3:a:puppet:puppet_agent:1.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70BEDC55-CCDB-4B86-A4B1-07EA5603A59C" }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:puppet:puppet_enterprise:2015.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "364465AC-E8C6-4245-8F33-CD4EFDFA3D2E" },
          { "criteria": "cpe:2.3:a:puppet:puppet_enterprise:2015.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B18FA0E7-381A-4831-9E2A-DE94D5FCDA83" }
        ],
        "operator": "OR"
      }
    ]
  }
]