#VU58292 Command Injection in Salt - CVE-2021-31607


Vulnerability identifier: #VU58292

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-31607

CWE-ID: CWE-77

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Salt
Web applications / Remote management & hosting panels

Vendor: SaltStack

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to command injection in the snapper module. A local user can escalate privileges on a minion.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Salt: 2016.9 - 2016.11.10, 2017.5 - 2017.7.8, 2018.2 - 2018.11, 2019.2 - 2019.8, 3000 - 3000.9, 3001 - 3001.7, 3002 - 3002.6

External links
https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
https://bugzilla.redhat.com/show_bug.cgi?id=1953065
https://github.com/saltstack/salt/commit/43e4ac985a2fc5f0d596c9fc6bc700b0d1af5344
https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for Salt
Multiple vulnerabilities in Dell EMC VxRail Appliance
Debian update for salt
Fedora 35 update for salt
Fedora 34 update for salt
Fedora 33 update for salt
SUSE update for SUSE Manager Server 4.0
SUSE update for SUSE Manager Client Tools
SUSE update for SUSE Manager Client Tools
SUSE update for SUSE Manager Client Tools