CVE-2013-4966
Severity Score
6.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.
El script maestro de clasificación de nodo externo en Puppet Enterprise anterior a 3.2.0 no verifica la identidad de consolas, lo que permite a atacantes remotos crear clasificaciones arbitrarias en el maestro mediante la falsificación de una consola.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-07-29 CVE Reserved
- 2014-03-07 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1029873 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://puppetlabs.com/security/cve/cve-2013-4966 | 2019-07-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | <= 3.1.1 Search vendor "Puppet" for product "Puppet Enterprise" and version " <= 3.1.1" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 3.0.0 Search vendor "Puppet" for product "Puppet Enterprise" and version "3.0.0" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 3.0.1 Search vendor "Puppet" for product "Puppet Enterprise" and version "3.0.1" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 3.1.0 Search vendor "Puppet" for product "Puppet Enterprise" and version "3.1.0" | - |
Affected
| ||||||