HTTP: SaltStack Salt API SSH Client Command Injection

This signature detects attempts to exploit a known vulnerability against SaltStack Salt. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

Affected Products

Opensuse leap

References

CVE: CVE-2020-16846

Short Name
HTTP:CTS:SALTSTACK-SSH-CMD-INJ
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
API CVE-2020-16846 Client Command Injection SSH Salt SaltStack
Release Date
11/20/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3781
False Positive
Unknown
Vendors

Opensuse

Saltstack

Fedoraproject

Debian

CVSS Score

7.5

Found a potential security threat?