CVE-2016-9587

EUVD-2018-0012
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
redhatCNA
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
redhatansible
𝑥
< 2.1.4
ansibleansible
𝑥
< 2.2.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ansible
bookworm
7.7.0+dfsg-3+deb12u1
fixed
bullseye
2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
fixed
jessie
not-affected
sid
10.5.0+dfsg-2
fixed
trixie
10.5.0+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ansible
artful
ignored
bionic
not-affected
precise
dne
trusty
not-affected
xenial
Fixed 2.0.0.2-2ubuntu1.1
released
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2017-0195.html
http://rhn.redhat.com/errata/RHSA-2017-0260.html
http://www.securityfocus.com/bid/95352
https://access.redhat.com/errata/RHSA-2017:0448
https://access.redhat.com/errata/RHSA-2017:0515
https://access.redhat.com/errata/RHSA-2017:1685
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587
https://security.gentoo.org/glsa/201701-77
https://www.exploit-db.com/exploits/41013/
http://rhn.redhat.com/errata/RHSA-2017-0195.html
http://rhn.redhat.com/errata/RHSA-2017-0260.html
http://www.securityfocus.com/bid/95352
https://access.redhat.com/errata/RHSA-2017:0448
https://access.redhat.com/errata/RHSA-2017:0515
https://access.redhat.com/errata/RHSA-2017:1685
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587
https://security.gentoo.org/glsa/201701-77
https://www.exploit-db.com/exploits/41013/