CVE-2018-6516
published 2018-06-14CVE-2018-6516: On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6…
high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | — | — |
| puppet | pe-client-tools | — | — |
| puppet | pe-client-tools | — | — |
| puppet | pe-client-tools | — | — |
| puppet | puppet_enterprise_client_tools | >= 16.4.0 < 16.4.6 | 16.4.6 |
| puppet | puppet_enterprise_client_tools | >= 17.3.0 < 17.3.6 | 17.3.6 |
| puppet | puppet_enterprise_client_tools | >= 18.1.0 < 18.1.2 | 18.1.2 |