What is CVE-2016-5714?

CVE-2016-5714 is a high-severity vulnerability in Puppet Puppet_agent, classified under Improper Access Control. CVSS score: 7.2/10. Published 2017-10-18.

How severe is CVE-2016-5714?

High severity. CVSS v3 base score is 7.2 out of 10.

Vulnerability in Puppet Puppet_agent

CVE-2016-5714

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command va…

EPSS: 0.010 (77.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Puppet Puppet_agent
Puppet Puppet_enterprise — versions 2015.3.3, 2016.1.1, 2016.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

cve@mitre.org (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
cve@mitre.org (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
cve@mitre.org (Third Party Advisory, x_refsource_MISC, Issue Tracking)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-5714?: CVE-2016-5714 is a high-severity vulnerability in Puppet Puppet_agent, classified under Improper Access Control. CVSS score: 7.2/10. Published 2017-10-18.
How severe is CVE-2016-5714?: High severity. CVSS v3 base score is 7.2 out of 10.