Updated on 2024-05-14 GMT+08:00

SaltStack Remote Command Execution Vulnerabilities (CVE-2020-11651 and CVE-2020-11652)

Security researchers discovered two serious vulnerabilities in SaltStack's products. SaltStack provides a set of Python-based products for automated client/server (C/S) operations and maintenance. One of the two vulnerabilities is an authentication bypass (CVE-2020-11651), and the other is a directory traversal (CVE-2020-11652). Attackers can exploit them to remotely execute commands, read arbitrary files on the server, and obtain sensitive information.

If you are a SaltStack user, check your system and implement timely security hardening.

Vulnerability ID

  • CVE-2020-11651
  • CVE-2020-11652

Vulnerability Name

SaltStack remote command execution vulnerability

Scope of Impact

Affected versions:

  • Versions earlier than SaltStack 2019.2.4
  • Versions earlier than SaltStack 3000.2

Unaffected versions:

  • SaltStack 2019.2.4
  • SaltStack 3000.2

Official Solution

  • These vulnerabilities have been fixed in the latest official release. If your version falls into the affected range, upgrade it to the latest secure version.

    Download address: https://repo.saltstack.com

  • The default listening ports of Salt Master are 4505 and 4506. Configure security group rules so that the two ports are not exposed to public networks, or so that only trusted sources can connect to them.

Suggestion

Perform the following steps to scan for and fix the vulnerabilities.

  • Detect the vulnerabilities and view their details. For details, see Viewing Vulnerability Details.

    Fix the vulnerabilities and verify the result. For details, see Handling Vulnerabilities.

    Figure 1 Manually starting a vulnerability scan

  • Check whether ports 4505 and 4506 are enabled on the server.

    If ports 4505 and 4506 are enabled, you are advised to disable them or enable them only for trusted sources. For details, see Viewing Server Asset Fingerprints.

    Figure 2 Checking open ports

  • Check for, isolate, and kill Trojans.

    Isolate and kill any mining Trojan found. For details, see Managing Isolated Files.

    Figure 3 Managing the isolated files
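The version check in Scope of Impact and the port check in Official Solution and Suggestion can be scripted. The following shell script is an added example, not part of the HSS documentation or of SaltStack: it classifies a Salt version against the affected ranges listed above and flags Salt Master ports 4505/4506 that are bound to a non-loopback address in an `ss -lnt` listing. The `vercmp`, `salt_version_affected` and `exposed_salt_ports` functions and the sample listing are all constructed for this example.

```shell
#!/bin/sh
# Added example (not part of the HSS documentation): classify an installed
# Salt version against the affected ranges above and flag Salt Master ports
# 4505/4506 that are bound to a non-loopback address.

# Compare two dotted version strings numerically; prints -1, 0 or 1.
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0; yi = (i <= nb) ? y[i] + 0 : 0
      if (xi < yi) { print "-1"; exit }
      if (xi > yi) { print "1"; exit }
    }
    print "0"
  }'
}

# Exit status 0 if the version is affected: anything earlier than 2019.2.4,
# or a 3000-line release earlier than 3000.2 (the fixed releases named above).
salt_version_affected() {
  if [ "$(vercmp "$1" 3000)" -lt 0 ]; then
    [ "$(vercmp "$1" 2019.2.4)" -lt 0 ]
  else
    [ "$(vercmp "$1" 3000.2)" -lt 0 ]
  fi
}

# Reads an `ss -lnt`-style listing on stdin and prints each Salt Master port
# (4505/4506) whose local address is not loopback, i.e. reachable from outside.
exposed_salt_ports() {
  awk '$1 == "LISTEN" {
    n = split($4, p, ":"); port = p[n] + 0
    addr = substr($4, 1, length($4) - length(p[n]) - 1)
    if ((port == 4505 || port == 4506) && addr != "127.0.0.1" && addr != "[::1]")
      print port
  }' | sort -u
}

# Constructed sample listing (not real server output) for the demo below;
# on a live host run: ss -lnt | exposed_salt_ports
SAMPLE_SS='LISTEN 0 1000 0.0.0.0:4505 0.0.0.0:*
LISTEN 0 1000 127.0.0.1:4506 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

for v in 2019.2.3 2019.2.4 3000.1 3000.2 3001; do
  salt_version_affected "$v" && echo "$v: affected, upgrade" || echo "$v: not affected"
done
printf '%s\n' "$SAMPLE_SS" | exposed_salt_ports | sed 's/^/exposed Salt Master port: /'
```

On the sample listing only 4505 is reported, because 4506 is bound to loopback; a port that is reported should be closed in the security group or restricted to trusted sources as described above.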