Security News > 2020 > May > Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers
Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments.
Built as a utility to monitor and update the state of servers, Salt employs a master-slave architecture that automates the process of pushing out configuration and software updates from a central repository using a "Master" node that deploys the changes to a target group of "Minions" en masse.
"The vulnerabilities described in this advisory allow an attacker who can connect to the 'request server' port to bypass all authentication and authorization controls and publish arbitrary control messages, read and write files anywhere on the 'master' server filesystem and steal the secret key used to authenticate to the master as root," the researchers said.
Detecting Vulnerable Salt Masters F-Secure researchers said an initial scan revealed more than 6,000 vulnerable Salt instances exposed to the public internet.
"Adding network security controls that restrict access to the salt master to known minions, or at least block the wider Internet, would also be prudent as the authentication and authorization controls provided by Salt are not currently robust enough to be exposed to hostile networks," the researchers said.