CVE-2020-11651

Description from NVD

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

Information Acquisition Date: 2021-04-27T10:41Z
CVSS 2.0: 7.5 HIGH
CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

 https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html (source: MISC; tags: Vendor Advisory)
 https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst (source: MISC; tags: Third Party Advisory)
 openSUSE-SU-2020:0564 (source: SUSE; tags: Mailing List, Third Party Advisory)
 http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html (source: MISC; tags: Exploit, Third Party Advisory)
 DSA-4676 (source: DEBIAN; tags: Third Party Advisory)
 http://www.vmware.com/security/advisories/VMSA-2020-0009.html (source: CONFIRM)
 http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html (source: MISC)
 20200528 SaltStack FrameWork Vulnerabilities Affecting Cisco Products (source: CISCO)
 [debian-lts-announce] 20200530 [SECURITY] [DLA 2223-1] salt security update (source: MLIST)
 openSUSE-SU-2020:1074 (source: SUSE)
 USN-4459-1 (source: UBUNTU)

Description from Forti

SaltStack ClearFuncs Handling Authentication Bypass

This indicates an attack attempt to exploit an Authentication Bypass vulnerability in SaltStack Salt. The vulnerability is due to unintentionally exposed methods that allow an attacker to bypass authentication, disclose sensitive information and further perform code execution on the vulnerable system.

Information Acquisition Date: 2020/06/01

Affected Products

SaltStack Salt before 2019.2.4 and 3000 before 3000.2

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest upgrade or patch from the vendor:
https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html

Software Tag: SaltStack (1 tweet)

List of frequently cited URLs

URL | Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so... | 245
http://newsbythehour.org/cybr | 30
https://lists.astaro.com/ASGV9-IPS-rules.html | 27
https://github.com/saltstack/salt/issues/57057 | 6
https://saltexploit.com/ | 6
https://community.saltstack.com/blog/critical-vulnerabiliti... | 6
https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-... | 5
https://blog.trendmicro.co.jp/archives/25357 | 5
https://twitter.com/SaltTips/status/1255617859759284226 | 4
https://www.mcafee.com/content/dam/enterprise/en-us/assets/... | 4
https://labs.f-secure.com/advisories/saltstack-authorizatio... | 4
https://docs.saltstack.com/en/latest/topics/releases/2019.2... | 4
https://noticiasseguridad.com/vulnerabilidades/pasar-el-con... | 4
https://bit.ly/3fbBpUX | 3
https://ift.tt/36DNkqt | 3
https://threatpost.com/salt-bugs-full-rce-root-cloud-server... | 3
https://www.vmware.com/security/advisories/vmsa-2020-0009.html | 3
https://www.jpcert.or.jp/at/2020/at200020.html | 3
https://thehackernews.com/2020/05/saltstack-rce-vulnerabili... | 3
https://www.saltstack.com/ | 3
https://xen-orchestra.com/blog/saltstack-cve-2020-11651-and... | 3
https://ipssignatures.appspot.com/?cve=CVE-2020-11651 | 3
https://www.securitynewspaper.com/2020/04/30/passing-total-... | 3

Information from Twitter

User | URL | Info | Source | Date
buaqbot | https://ift.tt/xqlIWbc | Source | buaqbot 1553223913140031489 | 2022/07/30
buaqbot | https://ift.tt/mThuIs0 | Source | buaqbot 1553223913140031489 | 2022/07/30

GitHub Search Results: Up to 10
Name | URL
No Data

Score (2022/07/30): 1
Added to Har-sia Database: 2020/04/30
Last Modified: 2022/07/30
Highest Scored Date: 2020/05/05
Highest Score: 59