Improper Authentication in SaltStack Salt
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Improper Authentication
EUVDB-ID: #VU32162
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-5192
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to execute arbitrary code.
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
MitigationInstall update from vendor's website.
Vulnerable software versionsSalt: 2015.8.0 - 2016.11.1
CPE2.3- cpe:2.3:a:saltstack:salt:2015.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2015.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2015.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2015.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2015.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2015.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2015.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2015.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2015.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:saltstack:salt:2015.8.8.2:*:*:*:*:*:*:*
https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
