SaltStack Remote Command Execution Vulnerabilities (CVE-2020-11651 and CVE-2020-11652)
Security researchers discovered two serious vulnerabilities in SaltStack's products. SaltStack's product suite, written in Python, provides automated client/server (C/S) operations and maintenance (O&M). One of the two vulnerabilities is an authentication bypass (CVE-2020-11651) and the other is a directory traversal (CVE-2020-11652). An attacker can exploit them to remotely execute commands, read arbitrary files on the server, and obtain sensitive information.
If you are a SaltStack user, check your system and implement timely security hardening.
SaltStack remote command execution vulnerability
Scope of Impact
Affected versions:
- Versions earlier than SaltStack 2019.2.4
- Versions earlier than SaltStack 3000.2
Secure versions:
- SaltStack 2019.2.4
- SaltStack 3000.2
- These vulnerabilities have been fixed in the latest official version. If your service version falls into the affected range, upgrade it to the latest secure version.
Download address: https://repo.saltstack.com
- The default listening ports of Salt Master are 4505 and 4506. You can configure security group rules that block access to the two ports from public networks, or allow only trusted sources to connect to them.
- Scan for vulnerabilities and view details, as shown in Figure 1. For details, see Viewing Details of a Vulnerability.
Fix vulnerabilities and verify the result. For details, see Fixing Vulnerabilities and Verifying the Result.
- Check whether ports 4505 and 4506 are enabled on the server, as shown in Figure 2.
If the ports are enabled, you are advised to disable them, or to enable them only for trusted objects. For details, see Checking Open Ports.
- Check for, isolate, and kill Trojans, as shown in Figure 3.
For details about how to isolate and kill Trojans, see Managing Isolated Files.
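The two host-side checks above (is the installed salt-master older than the fixed release for its branch, and are ports 4505 and 4506 bound to every interface) can be scripted. The following is an added example, not code from the advisory or from SaltStack; the `ss -ltn` output it parses is constructed, and the version-comparison rule is an assumption derived from the fixed versions 2019.2.4 and 3000.2 named above.

```python
import re

# Fixed releases named in the advisory, keyed by version branch.
FIXED = {"2019": (2019, 2, 4), "3000": (3000, 2)}
# Default Salt Master listening ports (publish and request servers).
MASTER_PORTS = {4505, 4506}
# Local addresses that mean "listening on all interfaces".
ANY_ADDR = {"0.0.0.0", "*", "::", "[::]"}


def parse_version(text):
    """Turn a Salt version string ('2019.2.3', '3000', '3000.1') into an int tuple."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def is_affected(version):
    """True if the salt-master version predates the fixed release for its branch.

    Assumption: anything below 3000 (2018.x, 2019.x) is fixed at 2019.2.4,
    the 3000 branch is fixed at 3000.2 ('3000' with no patch is older than 3000.2).
    """
    v = parse_version(version)
    fixed = FIXED["3000"] if v[0] >= 3000 else FIXED["2019"]
    return v < fixed


def exposed_master_ports(ss_output):
    """Parse `ss -ltn` output and return sorted (port, address) pairs for
    Salt Master ports that are bound to all interfaces."""
    exposed = set()
    for line in ss_output.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")      # handles '[::]:4506' too
        if port.isdigit() and int(port) in MASTER_PORTS and addr in ANY_ADDR:
            exposed.add((int(port), addr))
    return sorted(exposed)


# Constructed sample `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:22        0.0.0.0:*
LISTEN 0      1000   0.0.0.0:4505        0.0.0.0:*
LISTEN 0      1000   0.0.0.0:4506        0.0.0.0:*
LISTEN 0      1000   [::]:4506           [::]:*
"""

if __name__ == "__main__":
    for ver in ("2019.2.3", "2019.2.4", "3000", "3000.2"):
        print(ver, "affected" if is_affected(ver) else "fixed")
    print("exposed master ports:", exposed_master_ports(SAMPLE_SS))
```

On a real host, feed the function the output of `ss -ltn` and the result of `salt-master --version`; any pair returned means the port is reachable from every interface and should be restricted by the security group rules described above.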