Arbitrary Code Execution in MCollective 2.7.0 and 2.8.x

Arbitrary Code Execution in MCollective 2.7.0 and 2.8.x

CVE-2016-2788 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

Learn more about our Web Application Penetration Testing UK.