Lucene search

Ubuntu.comUB:CVE-2016-2788

HistoryFeb 13, 2017 - 12:00 a.m.

CVE-2016-2788

2017-02-1300:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.017

Percentile

87.9%

JSON

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise,
allows remote attackers to execute arbitrary code via vectors related to
the mco ping command.

Notes

Author	Note
ebarretto	Apparentely it affects starting 2.7.0, there are some diffs in the code when compared to 2.6.0.

References

launchpad.net/bugs/cve/CVE-2016-2788

nvd.nist.gov/vuln/detail/CVE-2016-2788

puppet.com/security/cve/cve-2016-2788

security-tracker.debian.org/tracker/CVE-2016-2788

www.cve.org/CVERecord?id=CVE-2016-2788

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.017

Percentile

87.9%

JSON

Related for UB:CVE-2016-2788