CVE-2016-2788
CRITICAL9.8EPSS 2.0%Published: 2/13/2017Modified: 4/28/2026
Description
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
Affected packages (1)
- Debian/mcollectivefrom 0, < 2.12.0+dfsg-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |