CVE-2018-6514

In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
puppetCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
puppetpuppet
1.10.0 ≤
𝑥
< 1.10.13
puppetpuppet
5.3.0 ≤
𝑥
< 5.3.7
puppetpuppet
5.5.0 ≤
𝑥
< 5.5.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
facter
bullseye
3.14.12-1
fixed
bookworm
4.3.0-2
fixed
sid
4.8.0-1
fixed
trixie
4.8.0-1
fixed
Common Weakness Enumeration
References
https://puppet.com/security/cve/CVE-2018-6514
https://puppet.com/security/cve/CVE-2018-6514