Platform: ruby
Component: puppet
Fixed in: 2.7.18
CVE-2012-3408 affects Puppet versions 2.7.9 and earlier, and Puppet Enterprise versions prior to 2.5.2. This vulnerability stems from Puppet's handling of certnames, allowing the use of IP addresses without adequate warnings. An attacker could potentially spoof a Puppet agent by acquiring and reusing a previously used IP address, leading to unauthorized access and configuration changes. A fix is available in Puppet 2.7.18.
The primary impact of CVE-2012-3408 is the potential for unauthorized configuration changes. An attacker who can successfully spoof a Puppet agent can execute commands and modify the configuration of managed nodes as if they were the legitimate agent. This could lead to the deployment of malicious software, data exfiltration, or disruption of services. The risk is amplified in environments where agent authentication is not rigorously enforced. While the CVSS score is LOW, the potential for widespread impact across a managed infrastructure makes this a significant concern, particularly in larger deployments.
CVE-2012-3408 was publicly disclosed in 2017. There is no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept exploits are widely known. It is not listed on the CISA KEV catalog. The vulnerability's age and relatively low CVSS score suggest a low probability of exploitation, but diligent patching remains essential.
Exploit status
EPSS: 0.26% (49th percentile)
The recommended mitigation for CVE-2012-3408 is to upgrade to Puppet version 2.7.18 or Puppet Enterprise version 2.5.2 or later. If immediate upgrading is not possible, consider implementing stricter agent authentication controls, such as requiring certificate signing and validation. Review your Puppet configuration to ensure that certnames are not easily predictable or guessable. While a WAF or proxy cannot directly address this vulnerability, they can be used to monitor for unusual agent activity and potential spoofing attempts. There are no specific Sigma or YARA rules readily available for this CVE.
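One way to carry out the certname review described above is to flag every certificate whose certname is a bare IP address. This is an added example, not code from Puppet or from this advisory; the listing format is assumed to follow the style of `puppet cert list --all` output, and the sample lines and function names are constructed for illustration.

```ruby
require 'ipaddr'

# Constructed sample listing (not real data). Newer releases quote the
# certname; older ones print it bare. "+" = signed, "-" = revoked,
# no marker = pending request.
SAMPLE_CERT_LIST = <<~LIST
  + "web01.example.com" (SHA256) AA:BB:CC:DD
  + "10.0.0.5" (SHA256) 11:22:33:44
    "db02.example.com" (SHA256) 55:66:77:88
  - "2001:db8::15" (SHA256) 99:AA:BB:CC
  + 192.168.1.20 (EE:FF:00:11)
LIST

# Pull the certname out of one listing line; nil for blank lines.
def certname_from_line(line)
  m = line.match(/\A\s*[+-]?\s*"?([^"\s(]+)"?/)
  m && m[1]
end

# True when the certname is a literal IPv4 or IPv6 address.
def ip_literal?(name)
  return false if name.include?('/')  # IPAddr would accept CIDR notation
  IPAddr.new(name)
  true
rescue ArgumentError                  # IPAddr::Error subclasses ArgumentError
  false
end

# Return every certname in the listing that is a bare IP address.
def ip_certnames(listing)
  listing.each_line.map { |l| certname_from_line(l) }.compact.select { |n| ip_literal?(n) }
end

if __FILE__ == $PROGRAM_NAME
  # With no argument the constructed sample is used; otherwise pass a saved listing file.
  listing = ARGV.empty? ? SAMPLE_CERT_LIST : File.read(ARGV[0])
  ip_certnames(listing).each { |n| puts "IP-address certname: #{n}" }
end
```

Certnames flagged this way are candidates for reissue under a stable hostname, since an IP address can be reassigned to a different machine.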
No official patch available. Check for workarounds or watch for updates.
CVE-2012-3408 is a vulnerability in Puppet versions ≤2.7.9 and Puppet Enterprise before 2.5.2 that allows attackers to spoof Puppet agents by reusing IP addresses in certnames, potentially leading to unauthorized access.
You are affected if you are running Puppet versions 2.7.9 or earlier, or Puppet Enterprise versions prior to 2.5.2. Check your Puppet version using `puppet --version`.
Upgrade to Puppet version 2.7.18 or later to resolve this vulnerability. This update implements stricter validation of certnames.
There is no public evidence of active exploitation campaigns targeting CVE-2012-3408 at this time.
Refer to the official Puppet security advisory for CVE-2012-3408: https://puppet.com/security/advisories/cve-2012-3408