CVE-2018-6515

Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
puppetCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
puppetpuppet
1.10.0 ≤
𝑥
< 1.10.13
puppetpuppet
5.3.0 ≤
𝑥
< 5.3.7
puppetpuppet
5.5.0 ≤
𝑥
< 5.5.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
puppet
bullseye
5.5.22-2
fixed
Common Weakness Enumeration
References
https://puppet.com/security/cve/CVE-2018-6515
https://puppet.com/security/cve/CVE-2018-6515