CVE-2016-2788
high-risk
Published 2017-02-13
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
Do I need to act?
2.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Products (11)
Marionette Collective
Affected Vendors
References (2)
Vendor Advisory
https://puppet.com/security/cve/cve-2016-2788
53 / 100
high-risk
Severity
32/34 · Critical
Exploitability
5/34 · Minimal
Exposure
16/34 · Moderate