FreeBSD DF502A2F-61F6-11E6-A461-643150D3111D
Aug 09, 2016 - 12:00 a.m.

puppet-agent MCollective plugin -- Remote Code Execution vulnerability

2016-08-09 00:00:00
vuxml.freebsd.org

CVSS2: 4.9
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS3: 6.6
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

EPSS: 0.002
Percentile: 51.9%

Puppet reports:

Puppet Enterprise previously included a puppet-agent MCollective plugin that allowed you to pass the --server argument to MCollective. This insecure argument enabled remote code execution via connection to an untrusted host. In the puppet-agent MCollective version included in PE 2016.2.1, this option is disabled by default.

OS       OS Version  Architecture  Package                   Package Version  Filename
FreeBSD  any         noarch        mcollective-puppet-agent  < 1.11.1         UNKNOWN
