SaltStack Remote Command Execution Vulnerabilities (CVE-2020-11651 and CVE-2020-11652)

May 09, 2020 GMT+08:00

I. Overview

Security researchers discovered two serious vulnerabilities in SaltStack products. SaltStack provides a set of Python-based products for automated client/server (C/S) operations and maintenance (O&M). One of the two vulnerabilities is an authentication bypass (CVE-2020-11651); the other is a directory traversal (CVE-2020-11652). Attackers can exploit them to remotely execute commands, read any file on the server, and obtain sensitive information.

If you are a SaltStack user, check your system and implement timely security hardening.

Reference link:

https://labs.f-secure.com/advisories/saltstack-authorization-bypass

II. Severity

Severity: important

(Severity scale: low, moderate, important, critical)

III. Affected Products

Affected Versions:

SaltStack versions earlier than 2019.2.4

SaltStack versions earlier than 3000.2

Secure Versions:

SaltStack 2019.2.4

SaltStack 3000.2

IV. Vulnerability Handling

These vulnerabilities have been fixed in the latest official version. If your service version falls into the affected range, upgrade it to the latest secure version.

Download path: https://repo.saltstack.com
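To check whether an installed Salt release falls into the affected range above, the version has to be compared branch by branch: year-style versions (2019.2.x) against 2019.2.4 and the new numbering (3000.x) against 3000.2, since comparing every version against 3000.2 alone would flag a patched 2019.2.4 as vulnerable. The following checker is an added example, not Huawei Cloud or SaltStack code; the host names and `salt --version` lines in it are constructed.

```python
"""Classify SaltStack version strings against the affected ranges stated
in this notice (CVE-2020-11651 / CVE-2020-11652).

Added example, not Huawei Cloud or SaltStack code.  SAMPLE_OUTPUTS holds
constructed strings shaped like `salt --version` output.
"""
import re
from typing import Dict, Optional, Tuple

# Fixed releases per branch, as stated in the notice.
FIX_2019_BRANCH = (2019, 2, 4)   # year-based numbering, e.g. 2019.2.3
FIX_3000_BRANCH = (3000, 2)      # new numbering starting at 3000

# A Salt version is a 4-digit leading component followed by dotted parts.
_VERSION_RE = re.compile(r"\b(\d{4}(?:\.\d+)*)\b")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the version from text such as 'salt 3000.1' or
    'salt-master 2019.2.3' as an integer tuple; None if absent."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(version: Tuple[int, ...]) -> bool:
    """Apply the notice's two ranges to the branch the version belongs to."""
    if version[0] < 3000:
        return version < FIX_2019_BRANCH   # earlier than 2019.2.4
    return version < FIX_3000_BRANCH       # earlier than 3000.2


def classify(text: str) -> str:
    """Return 'affected', 'secure', or 'unknown' for one version line."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "secure"


# Constructed sample lines, as a fleet inventory might collect them.
SAMPLE_OUTPUTS = {
    "master-a": "salt 2019.2.3",
    "master-b": "salt 2019.2.4",
    "master-c": "salt 3000.1",
    "master-d": "salt 3000.2",
    "master-e": "salt: command not found",
}


def audit(outputs: Dict[str, str]) -> Dict[str, str]:
    """Map each host to its classification."""
    return {host: classify(out) for host, out in outputs.items()}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_OUTPUTS).items():
        print(f"{host}: {status}")
```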

Salt Master listens on ports 4505 and 4506 by default. Configure security group rules so that these two ports are not exposed to public networks, or allow only trusted sources to connect to them.

Host Security Service (HSS), provided by HUAWEI CLOUD, can detect the SaltStack RCE vulnerabilities on operating systems for which fixed patches are already available, and can scan for and protect against trojans.

Note: Before fixing vulnerabilities, back up your files and conduct thorough testing.