CVE-2016-2786 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-2786 Interim 1 27 2025-04-15T23:39:36Z current 2021-05-30T13:39:57Z 2025-04-15T23:39:36Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-2786 The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP3 LTSS SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 puppet puppet-server puppet as a component of SUSE Linux Enterprise Desktop 12 puppet as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 puppet-server as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 puppet as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata puppet as a component of SUSE Linux Enterprise Server 11 SP2 LTSS puppet as a component of SUSE Linux Enterprise Server 11 SP3 LTSS puppet as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata puppet as a component of SUSE Linux Enterprise Server 11 SP4-LTSS puppet-server as a component of SUSE Linux Enterprise Server 11 SP4-LTSS The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate. CVE-2016-2786 SUSE Linux Enterprise Desktop 12:puppet SUSE Linux Enterprise Module for Advanced Systems Management 12:puppet SUSE Linux Enterprise Module for Advanced Systems Management 12:puppet-server SUSE Linux Enterprise Server 11 SP1 for Teradata:puppet SUSE Linux Enterprise Server 11 SP2 LTSS:puppet SUSE Linux Enterprise Server 11 SP3 LTSS:puppet SUSE Linux Enterprise Server 11 SP3 for Teradata:puppet SUSE Linux Enterprise Server 11 SP4-LTSS:puppet SUSE Linux Enterprise Server 11 SP4-LTSS:puppet-server critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H