How severe is CVE-2018-6513?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2018-6513?

This is classified as CWE-426, which is a common weakness in software security.

CVE-2018-6513 - HIGH Severity | CVSS 8.8

Vulnerability Description

Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths.

Related Vulnerabilities

CVE-2016-1417

HIGH

CVSS:8.8(High)

Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same ...

CWE-4262016

CVE-2017-2149

HIGH

CVSS:8.8(High)

Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wi...

CWE-4262017

CVE-2017-2177

HIGH

CVSS:8.8(High)

Untrusted search path vulnerability in Installer of Shogyo Touki Denshi Ninsho Software Ver 1.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CWE-4262017

CVE-2017-2178

HIGH

CVSS:8.8(High)

Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspe...

CWE-4262017

CVE-2017-2206

HIGH

CVSS:8.8(High)

Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CWE-4262017

CVE-2017-2207

HIGH

CVSS:8.8(High)

Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CWE-4262017