Privilege Escalation Vulnerability in Puppet Agent on Windows

Privilege Escalation Vulnerability in Puppet Agent on Windows

CVE-2018-6515 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.

Learn more about our Web Application Penetration Testing UK.