CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-6516

On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.4%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 6.8

References

https://puppet.com/security/cve/CVE-2018-6516
https://puppet.com/security/cve/CVE-2018-6516

Products affected by CVE-2018-6516

Puppet » Puppet Enterprise Client Tools » Version: 16.4.0

cpe:2.3:a:puppet:puppet_enterprise_client_tools:16.4.0
Puppet » Puppet Enterprise Client Tools » Version: 17.3.0

cpe:2.3:a:puppet:puppet_enterprise_client_tools:17.3.0
Puppet » Puppet Enterprise Client Tools » Version: 18.1.0

cpe:2.3:a:puppet:puppet_enterprise_client_tools:18.1.0
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-6516

Products

Pricing

Contact Us