Lucene search

K
cve[email protected]CVE-2016-9599
HistoryApr 24, 2018 - 1:29 a.m.

CVE-2016-9599

2018-04-2401:29:00
CWE-284
web.nvd.nist.gov
27
cve-2016-9599
nvd
security
access-control
iptables
puppet-tripleo
ssl
tcp
udp

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.8%

puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.

Affected configurations

Vulners
NVD
Node
puppetpuppetRange5.5.0
OR
puppetpuppetRange6.2.0
VendorProductVersionCPE
puppetpuppet*cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*
puppetpuppet*cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "puppet-tripleo",
    "vendor": "unspecified",
    "versions": [
      {
        "status": "affected",
        "version": "puppet-tripleo 5.5.0"
      },
      {
        "status": "affected",
        "version": " puppet-tripleo 6.2.0"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.8%