Main Vulnerability Database SB2020052809

SB2020052809 - SaltStack vulnerabilities in Cisco Modeling Labs and Virtual Internet Routing Lab

Published: May 28, 2020 Updated: March 22, 2024

Security Bulletin ID SB2020052809

Severity

Critical

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Authentication (CVE-ID: CVE-2020-11651)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the salt-master process "ClearFuncs" class does not properly validate method calls. A remote non-authenticated attacker can bypass authentication process and gain access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minion as root.

Note: this vulnerability is being actively exploited in the wild.

2) Path traversal (CVE-ID: CVE-2020-11652)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the salt-master process ClearFuncs class. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG