Vulnerabilities > CVE-2018-6516 - Unspecified vulnerability in Puppet Enterprise Client Tools

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

puppet

microsoft

NVD

Published: 2018-06-14

Updated: 2019-10-03

Summary

On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation.

Vulnerable Configurations

Part	Description	Count
Application	Puppet Puppet Puppet Enterprise Client Tools *	1
OS	Microsoft Microsoft Windows -	1

References

https://puppet.com/security/cve/CVE-2018-6516