VYPR
Critical severity9.8NVD Advisory· Published Feb 13, 2017· Updated Jun 17, 2026

CVE-2016-2788

CVE-2016-2788

Description

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

Affected products

13
  • cpe:2.3:a:puppet:marionette_collective:2.7.0:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:puppet:marionette_collective:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:marionette_collective:2.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:marionette_collective:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:marionette_collective:2.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:marionette_collective:2.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:marionette_collective:2.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:marionette_collective:2.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:marionette_collective:2.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:marionette_collective:2.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:marionette_collective:2.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: >=3.8.0,<3.8.6
    • (no CPE)range: <2.8.9
  • Range: 2.7.0, 2.8.x < 2.8.9

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.