CVE-2018-6514 - Facter Tries to Load DLLs from the Current Working Directory

  • Posted June 7, 2018

  • Assessed Risk Level: High

  • CVSS 3 Base Score: 7.5

Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.

Status:

Affected software versions:

  • Puppet Agent 1.10.x prior to 1.10.13
  • Puppet Agent 5.3.x prior to 5.3.7
  • Puppet Agent 5.5.x prior to 5.5.2

Resolved in:

  • Puppet Agent 1.10.13
  • Puppet Agent 5.3.7
  • Puppet Agent 5.5.2
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.