9.8
CVE-2016-2788
- EPSS 2.09%
- Published 13.02.2017 18:59:00
- Last modified 20.04.2025 01:37:25
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
Data is provided by the National Vulnerability Database (NVD)
Puppet ≫ Marionette Collective Version2.7.0
Puppet ≫ Marionette Collective Version2.8.0
Puppet ≫ Marionette Collective Version2.8.1
Puppet ≫ Marionette Collective Version2.8.2
Puppet ≫ Marionette Collective Version2.8.3
Puppet ≫ Marionette Collective Version2.8.4
Puppet ≫ Marionette Collective Version2.8.5
Puppet ≫ Marionette Collective Version2.8.6
Puppet ≫ Marionette Collective Version2.8.7
Puppet ≫ Marionette Collective Version2.8.8
Puppet ≫ Puppet Enterprise Version >= 3.8.0 < 3.8.6
Puppet ≫ Puppet Enterprise Version >= 2016.2.0 < 2016.2.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.09% | 0.824 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.