Critical severity9.8NVD Advisory· Published Feb 13, 2017· Updated Jun 17, 2026
CVE-2016-2788
CVE-2016-2788
Description
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
Affected products
13cpe:2.3:a:puppet:marionette_collective:2.7.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:puppet:marionette_collective:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:marionette_collective:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:marionette_collective:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:marionette_collective:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:marionette_collective:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:marionette_collective:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:marionette_collective:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:marionette_collective:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:marionette_collective:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:marionette_collective:2.8.8:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: >=3.8.0,<3.8.6
- (no CPE)range: <2.8.9
- Range: 2.7.0, 2.8.x < 2.8.9
Patches
Vulnerability mechanics
References
1- puppet.com/security/cve/cve-2016-2788nvdVendor Advisory
News mentions
0No linked articles in our index yet.