← Volver a CVEs

CVE-2016-2786

CRITICAL

9.8

Descripcion

The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado6/10/2016

Ultima modificacion4/12/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

puppet:puppet_agentpuppet:puppet_enterprise

Debilidades (CWE)

CWE-20

Referencias

https://puppet.com/security/cve/CVE-2016-2786(cve@mitre.org)

https://security.gentoo.org/glsa/201606-02(cve@mitre.org)

https://puppet.com/security/cve/CVE-2016-2786(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/201606-02(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.