First published: Mon Jun 11 2018(Updated: )
Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.
Credit: security@puppet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Puppet Puppet | >=1.10.0<1.10.13 | |
Puppet Puppet | >=5.3.0<5.3.7 | |
Puppet Puppet | >=5.5.0<5.5.2 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-6515 is a vulnerability in Puppet Agent that allows an attacker to load arbitrary code with privilege escalation.
Puppet Agent versions 1.10.x prior to 1.10.13, 5.3.x prior to 5.3.7, and 5.5.x prior to 5.5.2 on Windows only.
An attacker can exploit CVE-2018-6515 by using a specially crafted configuration file to get pxp-agent to load arbitrary code with privilege escalation.
The severity of CVE-2018-6515 is classified as high, with a severity value of 7.8.
To fix CVE-2018-6515, update Puppet Agent to version 1.10.13, 5.3.7, or 5.5.2, depending on the affected version.