#VU32162 Improper Authentication in Salt
Vulnerability identifier: #VU32162
Vulnerability risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-287
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Salt
Web applications /
Remote management & hosting panels
Vendor: SaltStack
Description
The vulnerability allows a remote authenticated user to execute arbitrary code.
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Salt: 2015.8.0 - 2015.8.12, 2016.3.0 - 2016.11.1
External links
http://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html
http://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html
http://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
