Description
The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allow for remote code execution on the console node.
Scores
CVSS v3
8.8
EPSS
0.0233
EPSS Percentile
84.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-134
Status
published
Products (13)
Puppet/Puppet Enterprise
PE < 2016.4.0
puppet/puppet_enterprise
2015.2.0
puppet/puppet_enterprise
2015.2.1
puppet/puppet_enterprise
2015.2.2
puppet/puppet_enterprise
2015.2.3
puppet/puppet_enterprise
2015.3.0
puppet/puppet_enterprise
2015.3.1
puppet/puppet_enterprise
2015.3.2
puppet/puppet_enterprise
2015.3.3
puppet/puppet_enterprise
2016.1.1
... and 3 more
Published
Aug 09, 2017
Tracked Since
Feb 18, 2026