SaltStack Remote Command Execution Vulnerabilities (CVE-2020-11651 and CVE-2020-11652)
Security researchers discovered two serious vulnerabilities in SaltStack's products. SaltStack provides a set of products, written in Python, for automating client/server (C/S) O&M. One of the two vulnerabilities is an authentication bypass (CVE-2020-11651); the other is a directory traversal (CVE-2020-11652). Attackers can exploit them to remotely execute commands, read any file on the server, and obtain sensitive information.
If you are a SaltStack user, check your system and implement timely security hardening.
Vulnerability ID
- CVE-2020-11651
- CVE-2020-11652
Vulnerability Name
SaltStack remote command execution vulnerability
Scope of Impact
Affected versions:
- Versions earlier than SaltStack 2019.2.4
- Versions earlier than SaltStack 3000.2
Unaffected versions:
- SaltStack 2019.2.4
- SaltStack 3000.2
Official Solution
- These vulnerabilities have been fixed in the latest official version. If your service version falls into the affected range, upgrade it to the latest secure version.
Download address: https://repo.saltstack.com
- The default listening ports of Salt Master are 4505 and 4506. Configure security group rules so that these two ports are not open to public networks, or are open only to trusted sources.
Suggestion
- Detect and view system details. For details, see Viewing Vulnerability Details.
Fix vulnerabilities and verify the result. For details, see Handling Vulnerabilities.
Figure 1 Manually starting a vulnerability scan
- Check whether ports 4505 and 4506 are enabled on the server.
If ports 4505 and 4506 are enabled, you are advised to disable them or enable them only for trusted objects.
- Check for, isolate, and kill Trojans.
Isolate and kill the mining Trojan. For details, see Managing Isolated Files.
Figure 2 Managing the isolated files
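The two checks above (is the installed version in the affected range, and are ports 4505/4506 reachable beyond loopback) as a small POSIX shell script. This is an added example, not part of the advisory or of SaltStack; the `ss -ltn` sample output is constructed, and the version logic only covers the numeric version strings and the two fixed releases the advisory names.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a Salt version string against
# the fixed releases named above (2019.2.4 and 3000.2) and scan `ss -ltn`-style
# listener output for Master ports 4505/4506 bound to non-loopback addresses.

# Compare two dotted numeric versions; prints -1, 0 or 1 (like strcmp).
vercmp() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; a="${a#*.}"
        y="${b%%.*}"; b="${b#*.}"
        [ "${x:-0}" -lt "${y:-0}" ] && { echo -1; return; }
        [ "${x:-0}" -gt "${y:-0}" ] && { echo 1; return; }
    done
    echo 0
}

# True (exit 0) when the version lies in the advisory's affected range.
salt_affected() {
    if [ "$(vercmp "$1" 3000)" -lt 0 ]; then fixed=2019.2.4; else fixed=3000.2; fi
    [ "$(vercmp "$1" "$fixed")" -lt 0 ]
}

# Read `ss -ltn` lines on stdin; print each Salt port listening on a non-loopback
# address. Exit 0 if any such port was found, 1 otherwise.
exposed_salt_ports() {
    found=1
    while read -r _state _rq _sq laddr _rest; do
        port="${laddr##*:}"; addr="${laddr%:*}"
        case "$port" in 4505|4506) ;; *) continue ;; esac
        case "$addr" in 127.*|"[::1]") continue ;; esac
        echo "port $port exposed on $addr"; found=0
    done
    return "$found"
}

# Constructed sample of `ss -ltn` output: both Master ports on all interfaces.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      1000   0.0.0.0:4505       0.0.0.0:*
LISTEN 0      1000   0.0.0.0:4506       0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*'

# On a real host replace the sample with: ss -ltn | exposed_salt_ports
for v in 2019.2.3 2019.2.4 3000.1 3000.2; do
    if salt_affected "$v"; then echo "$v: affected"; else echo "$v: not affected"; fi
done
printf '%s\n' "$SAMPLE_SS" | exposed_salt_ports || echo "no Salt ports exposed"
```

On a live host, feed the output of `salt --version` (the second field) to `salt_affected`, and pipe `ss -ltn` into `exposed_salt_ports`; a port reported as exposed is one the security group rules in Official Solution should restrict.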