Vulnerability identifier: #VU15545
Vulnerability risk: Low
Exploitation vector: Network
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper security restrictions imposed on the salt-api component. A remote attacker can use the salt-apicomponent to send a request that submits malicious input, bypass authentication and execute arbitrary commands on the system.
The vulnerability has been addressed in the versions 2017.7.8, 2018.3.3.
Vulnerable software versions
Salt: 2017.7.0 - 2017.7.7, 2018.3.0 - 2018.3.2
Fixed software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?