Vulnerability identifier: #VU64660

Vulnerability risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22967

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Salt
Web applications / Remote management & hosting panels

Vendor: SaltStack

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to a missing check for PAM_ACCT_MGM return value. A remote user whose account is locked can continue to run Salt commands.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Salt: 3004 - 3004.1, 3003 - 3003.4, 3002 - 3002.8, 3001 - 3001.8, 3000 - 3000.9, 2019.2 - 2019.8, 2018.2 - 2018.11, 2017.5 - 2017.7.8, 2016.3 - 2016.11.10, 2015.2 - 2015.8.13, 2014.1 - 2014.7.9, 0.17 - 0.17.5, 0.16 - 0.16.4, 0.15.0 - 0.15.90, 0.14.0 - 0.14.1, 0.13.0 - 0.13.3, 0.12.0 - 0.12.1, 0.11.0 - 0.11.1, 0.10.0 - 0.10.5, 0.9.0 - 0.9.9, 0.8.0 - 0.8.9, 0.7.0, 0.6.0

---

External links
http://repo.saltproject.io/
http://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/,

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.