Vulnerabilities in the open-source and commercial Salt management framework

On April 30, F-Secure Labs published an advisory for two vulnerabilities (CVE-2020-11651 and CVE-2020-11652), in the open-source and commercial Salt management framework, which is used in data centers and cloud environments as a configuration, monitoring, and update tool.

Shortly after the public disclosure of both critical vulnerabilities, exploitation attempts were observed, as two open-source projects were breached using these flaws.


Satnam Narang, Principal Research Engineer at Tenable, said, "Active exploitation has been observed in the wild for two critical flaws in the Salt management framework, which is used in data centers and cloud environments to configure, monitor and update systems. This is achieved by a 'master' server that can control agents called 'minions.' When combined, the two flaws can be used to gain remote command execution as root on both the master server and minions.


Attackers appear to have successfully utilized these vulnerabilities to breach the infrastructure of LineageOS, an open-source Android operating system, and Ghost, an open-source blogging platform. We believe additional successful attacks may be revealed in the coming days and weeks.


For organizations that use Salt in their environment, it's critically important to apply the available patches to vulnerable assets as soon as possible. If patching isn't possible, ensure that proper network security controls are in place for the Salt master."