Main Vulnerability Database Vulnerabilities #VU38511

Format string error in Puppet Enterprise - CVE-2016-5716

Published: August 9, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38511

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-5716

CWE-ID: CWE-134

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Puppet Labs

Affected software:
Puppet Enterprise

Detailed vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.

How to mitigate CVE-2016-5716

Install update from vendor's website.

Sources

https://puppet.com/security/cve/pe-console-oct-2016

Format string error in Puppet Enterprise - CVE-2016-5716

Detailed vulnerability description

How to mitigate CVE-2016-5716

Sources

Please verify you're human