PT-2018-17604 · Puppet · Puppet Agent

Publicado

2018-06-11

Atualizado

2018-08-02

CVE-2018-6515

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Puppet Agent versions 1.10.x prior to 1.10.13 Puppet Agent versions 5.3.x prior to 5.3.7 Puppet Agent versions 5.5.x prior to 5.5.2

Description The issue allows an attacker to load arbitrary code with privilege escalation on Windows systems using a specially crafted configuration file.

Recommendations For Puppet Agent versions 1.10.x prior to 1.10.13, update to version 1.10.13 or later. For Puppet Agent versions 5.3.x prior to 5.3.7, update to version 5.3.7 or later. For Puppet Agent versions 5.5.x prior to 5.5.2, update to version 5.5.2 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-6515

Produtos afetados

Puppet Agent

PT-2018-17604 · Puppet · Puppet Agent

CVE-2018-6515

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3