Lucene search

CVE-2020-25592 — SaltStack Authentication Bypass and Salt SSH Command Execution

🗓️ 06 Nov 2020 00:00:00Reported by AttackerKBType

CVE-2020-25592 SaltStack authentication bypass and Salt SSH command executio

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
Rapid7 Blog	SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know	10 Nov 202014:22	–	rapid7blog
Rapid7 Blog	Metasploit Wrap-Up	13 Nov 202019:08	–	rapid7blog
AttackerKB	CVE-2020-16846 — SaltStack Unauthenticated Shell Injection	6 Nov 202000:00	–	attackerkb
AttackerKB	CVE-2020-11652	30 Apr 202000:00	–	attackerkb
AttackerKB	CVE-2020-11651	30 Apr 202000:00	–	attackerkb
Packet Storm	SaltStack Salt REST API Arbitrary Command Execution	12 Nov 202000:00	–	packetstorm
Packet Storm	SaltStack Salt Master/Minion Unauthenticated Remote Code Execution	12 May 202000:00	–	packetstorm
Packet Storm	Saltstack 3000.1 Remote Code Execution	5 May 202000:00	–	packetstorm
Packet Storm	SaltStack Salt Master Server Root Key Disclosure	31 Aug 202400:00	–	packetstorm
0day.today	SaltStack Salt REST API Arbitrary Command Execution Exploit	12 Nov 202000:00	–	zdt

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
saltstack	www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/
lists	www.lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
security	www.security.gentoo.org/glsa/202011-13
lists	www.lists.debian.org/debian-lts-announce/2020/12/msg00007.html
debian	www.debian.org/security/2021/dsa-4837
attackerkb	www.attackerkb.com/topics/FrF3udya6o/cve-2020-16846
docs	www.docs.saltstack.com/en/latest/topics/releases/index.html
packetstormsecurity	www.packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Nov 2020 00:00Current

10High risk

Vulners AI Score10

CVSS27.5

CVSS39.8

EPSS0.9439