9.8

CVE-2020-16846

Warnung
Exploit
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SaltstackSalt Version < 2015.8.10
SaltstackSalt Version >= 2015.8.11 < 2015.8.13
SaltstackSalt Version >= 2016.3.0 < 2016.3.4
SaltstackSalt Version >= 2016.3.5 < 2016.3.6
SaltstackSalt Version >= 2016.3.7 < 2016.3.8
SaltstackSalt Version >= 2016.11.0 < 2016.11.3
SaltstackSalt Version >= 2016.11.4 < 2016.11.6
SaltstackSalt Version >= 2016.11.7 < 2016.11.10
SaltstackSalt Version >= 2017.5.0 < 2017.7.4
SaltstackSalt Version >= 2017.7.5 < 2017.7.8
SaltstackSalt Version >= 2018.2.0 < 2018.3.5
SaltstackSalt Version >= 2019.2.0 < 2019.2.5
SaltstackSalt Version >= 3000.0 < 3000.3
SaltstackSalt Version3001
SaltstackSalt Version3002
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
FedoraprojectFedora Version31
OpensuseLeap Version15.1

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

SaltStack Salt Shell Injection Vulnerability

Schwachstelle

SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 99.59% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
Third Party Advisory
Mailing List
http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
Third Party Advisory
Exploit
VDB Entry
https://github.com/saltstack/salt/releases
Release Notes
https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
Release Notes
https://security.gentoo.org/glsa/202011-13
Third Party Advisory
https://www.debian.org/security/2021/dsa-4837
Third Party Advisory
Mailing List
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
Vendor Advisory
Broken Link
https://www.zerodayinitiative.com/advisories/ZDI-20-1379/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-1380/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-1381/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-1382/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-1383/
Third Party Advisory
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846
US Government Resource