Improper Authentication in SaltStack Salt
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-5192 |
| CWE-ID | CWE-287 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Salt Web applications / Remote management & hosting panels |
| Vendor | SaltStack |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Improper Authentication
EUVDB-ID: #VU32162
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-5192
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to execute arbitrary code.
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
MitigationInstall update from vendor's website.
Vulnerable software versionsSalt: 2015.8.0 - 2016.11.1
External linkshttp://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
http://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
http://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
