V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2012-3408
DEB
Low

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames with…

CVSS
2.6
Low
EPSS
0.02
p73
Published
2012-01-01
Updated
2012-01-01
Description

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.

Tags · CWE
CWE-287
CAPEC-22
CAPEC-57
CAPEC-94
CAPEC-114
CAPEC-115
CAPEC-151
CAPEC-194
CAPEC-593
CAPEC-633
CAPEC-650
Affected products
Puppet_enterprise < 2.5.2Puppet < 2.7.18
CVSS vector
AV:N/AC:H/Au:N/C:P/I:N/A:N
Timeline
2012-01-01
Published
2012-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: H
High (H)
Authentication
Au: N
None (N)
Confidentiality Impact
C: P
Partial
Integrity Impact
I: N
None (N)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.016 · p73
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-57 · CWE-287
└ via CAPEC-633 · CWE-287
└ via CAPEC-593 · CWE-287
└ via CAPEC-650 · CWE-287
└ via CAPEC-114 · CWE-287
└ via CAPEC-593 · CWE-287
└ via CAPEC-94 · CWE-287
└ via CAPEC-593 · CWE-287
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
puppetTracked
puppetTracked
puppetTracked
puppet*Tracked
puppet_enterprise*Tracked
Source databases
DEB
CVE
UBU