Overview

CVE-2018-6514 - Facter tries to load DLLs from the current working directory

  • Posted June 7, 2018

  • Assessed Risk Level: High

  • CVSS 3 Base Score: 7.5

Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.

Status:

Affected software versions:

  • Puppet Agent 1.10.x prior to 1.10.13
  • Puppet Agent 5.3.x prior to 5.3.7
  • Puppet Agent 5.5.x prior to 5.5.2

Resolved in:

  • Puppet Agent 1.10.13
  • Puppet Agent 5.3.7
  • Puppet Agent 5.5.2