nvd-json-data-feeds/CVE-2017/CVE-2017-22xx/CVE-2017-2290.json

{
  "id": "CVE-2017-2290",
  "sourceIdentifier": "security@puppet.com",
  "published": "2017-03-03T15:59:00.647",
  "lastModified": "2021-09-09T12:57:34.837",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next \"mco puppet\" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1."
    },
    {
      "lang": "es",
      "value": "En instalaciones de Windows del plugin mcollective-puppet-agent, versi\u00f3n 1.12.0, un usuario no administrador puede crear un ejecutable que ser\u00e1 ejecutado con privilegios de administrador en la siguiente ejecuci\u00f3n \"mco puppet\". Usuarios de Puppet Enterprise no est\u00e1n afectados. Esto est\u00e1 resuelto en mcollective-puppet-agent 1.12.1."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:puppet:mcollective-puppet-agent:1.12.0:*:*:*:*:puppet:*:*",
              "matchCriteriaId": "4571FE0F-CE25-424E-B871-7342AC6CD9FA"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/96583",
      "source": "security@puppet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://puppet.com/security/cve/cve-2017-2290",
      "source": "security@puppet.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}