CVE-2018-6516 - PE Client Tools Loading Openssl.cnf From an Insecure Location

  • Posted June 7, 2018

  • Assessed Risk Level: High

  • CVSS 3 Base Score: 8.8

On Windows only, with a specifically crafted configuration file an attacker could get PE client tools to load arbitrary code with privilege escalation.

Status:

Affected software versions:

  • pe-client-tools 16.4.x prior to 16.4.6
  • pe-client-tools 17.3.x prior to 17.3.6
  • pe-client-tools 18.1.x prior to 18.1.2

Resolved in:

  • pe-client-tools 16.4.6
  • pe-client-tools 17.3.6
  • pe-client-tools 18.1.2
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.