853 matches found

ThreatPost
added 2020/06/02 4:16 p.m. | 293 views

Severe Cisco DoS Flaw Can Cripple Nexus Switches

Cisco has patched a high-severity flaw in its NX-OS software, the network operating system used by Cisco’s Nexus-series Ethernet switches. If exploited, the vulnerability could allow an unauthenticated, remote attacker to bypass the input access control lists (ACLs) configured on affected Nexus...

CVSS 5 | EPSS 0.21279
Exploits 1 | References 12

CISA
added 2020/05/29 12:0 a.m. | 9 views

Cisco Releases Security Updates for CML and VIRL-PE

Cisco has released security updates to address SaltStack FrameWork vulnerabilities in Cisco Modeling Labs Corporate Edition (CML) and Virtual Internet Routing Lab Personal Edition (VIRL-PE). A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity...

AI score 7.1
Exploits 0 | References 1

ThreatPost
added 2020/05/28 8:51 p.m. | 496 views

Hackers Compromise Cisco Servers Via SaltStack Flaws

Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which are used in Cisco network-tooling products. Two Cisco products incorporate a version of SaltStack that ...

CVSS 7.5 | AI score 0.2 | EPSS 0.94234
Exploits 25 | References 10

Cisco
added 2020/05/28 4:0 p.m. | 53 views

SaltStack FrameWork Vulnerabilities Affecting Cisco Products

On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs: CVE-2020-11651 (Authentication Bypass Vulnerability) and CVE-2020-11652 (Directory Traversal Vulnerability). Cisco Modeling Labs Corporate Edition (CML), Cisco TelePresence IX5000 Series, and Cisco...

CVSS 10 | AI score 8.6 | EPSS 0.94234
Exploits 24 | References 1

Gitee
added 2020/05/25 3:21 p.m. | 1 views

Exploit for CVE-2020-11651

CVE-2020-11651 is a proof-of-concept (PoC) exploit for a vulnerability in the SaltStack master. The exploit is designed to obtain pre-auth RCE (Remote Code Execution) on a SaltStack master and all associated minions. The vulnerability is not explicitly stated in the provided code, but it is likely...

CVSS 9.8 | AI score 8.1 | EPSS 0.94234
Exploits 23

Tenable Nessus
added 2020/05/20 12:0 a.m. | 15 views

SaltStack Salt Master Detection

Binary data saltstacksaltremotedetection.nbin...

AI score 7.3
Exploits 0 | References 2

0day.today
added 2020/05/12 12:0 a.m. | 76 views

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits unauthenticated access to the runner and sendpub methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations...

CVSS 9.8 | AI score 0.9 | EPSS 0.94234
Exploits 24

Packet Storm
added 2020/05/12 12:0 a.m. | 252 views

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master/Minion Unauthenticated RCE', 'Description' = %q This module exploits unauthenticated access to the runner and sendpub metho...

CVSS 7.5 | AI score 0.9 | EPSS 0.94234
Exploits 24

Metasploit
added 2020/05/11 5:5 p.m. | 69 views

SaltStack Salt Master/Minion Unauthenticated RCE

This module exploits unauthenticated access to the runner and sendpub methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations Manager...

CVSS 9.8 | AI score 9 | EPSS 0.94234
Exploits 24

Metasploit
added 2020/05/11 5:5 p.m. | 76 views

SaltStack Salt Master Server Root Key Disclosure

This module exploits unauthenticated access to the prepauthinfo method in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to disclose the root key used to authenticate administrative commands to the master. VMware vRealize Operations...

CVSS 9.8 | AI score 8.5 | EPSS 0.94234
Exploits 24

Tenable Nessus
added 2020/05/08 12:0 a.m. | 75 views

SaltStack < 2019.2.4 / 3000.x < 3000.2 Authentication Bypass (CVE-2020-11651)

Binary data saltstackcve202011651.nbin...

CVSS 9.8 | AI score 8.7 | EPSS 0.94234
Exploits 23 | References 2

GithubExploit
added 2020/05/07 4:41 a.m. | 44 views

Exploit for CVE-2020-11651

PoC exploit for CVE-2020-11651, a remote code execution vulnerab...

CVSS 9.8 | AI score 9.6 | EPSS 0.94234
Exploits 23

Tenable Nessus
added 2020/05/07 12:0 a.m. | 15 views

SaltStack Salt Master Installed (Linux)

Binary data saltstacksaltlinuxinstalled.nbin...

AI score 7.3
Exploits 0 | References 2

Tenable Nessus
added 2020/05/07 12:0 a.m. | 61 views

SaltStack < 2019.2.4 / 3000.x < 3000.2 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is prior to 2019.2.4, or 3000.x prior to 3000.2. It is, therefore, affected by multiple vulnerabilities: - An authentication bypass vulnerability exists in the ClearFuncs class due to improper...

CVSS 9.8 | AI score 8.2 | EPSS 0.94234
Exploits 24 | References 3

0day.today
added 2020/05/07 12:0 a.m. | 79 views

Saltstack 3000.1 Remote Code Execution Exploit

Exploit Title: Saltstack 3000.1 - Remote Code Execution Date: 2020-05-04 Exploit Author: Jasper Lievisse Adriaanse Vendor Homepage: https://www.saltstack.com/ Version: 3000.2, 2019.2.4, 2017., 2018. Tested on: Debian 10 with Salt 2019.2.0 CVE : CVE-2020-11651 and CVE-2020-11652 Discription:...

CVSS 9.8 | AI score 0.7 | EPSS 0.94234
Exploits 24

Check Point Advisories
added 2020/05/05 12:0 a.m. | 4 views

Saltstack Salt Authentication Bypass (CVE-2020-11651; CVE-2020-11652)

An authentication bypass vulnerability exists in Salt management framework. Successful exploitation of this vulnerability could allow a remote attacker to bypass login authentication and execute arbitrary commands on the affected system under the context of root...

CVSS 7.5 | AI score 5.2 | EPSS 0.94234
Exploits 24

Packet Storm
added 2020/05/05 12:0 a.m. | 169 views

Saltstack 3000.1 Remote Code Execution

Exploit Title: Saltstack 3000.1 - Remote Code Execution Date: 2020-05-04 Exploit Author: Jasper Lievisse Adriaanse Vendor Homepage: https://www.saltstack.com/ Version: 3000.2, 2019.2.4, 2017., 2018. Tested on: Debian 10 with Salt 2019.2.0 CVE : CVE-2020-11651 and CVE-2020-11652 Discription:...

CVSS 7.5 | AI score 0.8 | EPSS 0.94234
Exploits 24

Exploit DB
added 2020/05/05 12:0 a.m. | 315 views

Saltstack 3000.1 - Remote Code Execution

Exploit Title: Saltstack 3000.1 - Remote Code Execution Date: 2020-05-04 Exploit Author: Jasper Lievisse Adriaanse Vendor Homepage: https://www.saltstack.com/ Version: 3000.2, 2019.2.4, 2017., 2018. Tested on: Debian 10 with Salt 2019.2.0 CVE : CVE-2020-11651 and CVE-2020-11652 Discription:...

CVSS 9.8 | AI score 8.7 | EPSS 0.94234
Exploits 24

GithubExploit
added 2020/05/04 8:34 p.m. | 70 views

Exploit for CVE-2020-11651

CVE-2020-11651 PoC for CVE-2020-11651 Requires Python3 tested...

CVSS 9.8 | AI score 9.2 | EPSS 0.94234
Exploits 23

ThreatPost
added 2020/05/04 7:23 p.m. | 218 views

Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack

Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost’s server management infrastructure. Ghost is a free,...

CVSS 7.5 | AI score 9.3 | EPSS 0.94234
Exploits 24 | References 12