CVE-2018-6516

On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
puppetCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
puppetpuppet_enterprise_client_tools
16.4.0 ≤
𝑥
< 16.4.6
puppetpuppet_enterprise_client_tools
17.3.0 ≤
𝑥
< 17.3.6
puppetpuppet_enterprise_client_tools
18.1.0 ≤
𝑥
< 18.1.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
puppet
bullseye
5.5.22-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
puppet
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
ignored
xenial
not-affected
trusty
not-affected
References
https://puppet.com/security/cve/CVE-2018-6516
https://puppet.com/security/cve/CVE-2018-6516