CVE-2017-14696

MEDIUM

Description

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.

References

http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html

http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html

https://bugzilla.redhat.com/show_bug.cgi?id=1500742

https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html

https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html

https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html

https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b

Details

Source: MITRE

Published: 2017-10-24

Updated: 2017-11-15

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* versions up to 2016.3.7 (inclusive)

cpe:2.3:a:saltstack:salt:2016.11:*:*:*:*:*:*:*

cpe:2.3:a:saltstack:salt:2016.11.0:*:*:*:*:*:*:*

cpe:2.3:a:saltstack:salt:2016.11.1:*:*:*:*:*:*:*

cpe:2.3:a:saltstack:salt:2016.11.1:rc1:*:*:*:*:*:*

cpe:2.3:a:saltstack:salt:2016.11.1:rc2:*:*:*:*:*:*

cpe:2.3:a:saltstack:salt:2016.11.2:*:*:*:*:*:*:*

cpe:2.3:a:saltstack:salt:2016.11.3:*:*:*:*:*:*:*

cpe:2.3:a:saltstack:salt:2016.11.4:*:*:*:*:*:*:*

cpe:2.3:a:saltstack:salt:2016.11.5:*:*:*:*:*:*:*

cpe:2.3:a:saltstack:salt:2016.11.6:*:*:*:*:*:*:*

cpe:2.3:a:saltstack:salt:2016.11.7:*:*:*:*:*:*:*

cpe:2.3:a:saltstack:salt:2017.7.0:*:*:*:*:*:*:*

cpe:2.3:a:saltstack:salt:2017.7.0:rc1:*:*:*:*:*:*

cpe:2.3:a:saltstack:salt:2017.7.1:*:*:*:*:*:*:*

Tenable Plugins

View all (7 total)

ID	Name	Product	Family	Severity
121806	Photon OS 1.0: Salt PHSA-2018-1.0-0106	Nessus	PhotonOS Local Security Checks	high
111917	Photon OS 1.0: Salt PHSA-2018-1.0-0106 (deprecated)	Nessus	PhotonOS Local Security Checks	high
109293	openSUSE Security Update : salt (openSUSE-2018-388)	Nessus	SuSE Local Security Checks	high
105480	SUSE SLES11 Security Update : Salt (SUSE-SU-2017:3381-1)	Nessus	SuSE Local Security Checks	high
104759	FreeBSD : salt -- multiple vulnerabilities (50127e44-7b88-4ade-8e12-5d57320823f1)	Nessus	FreeBSD Local Security Checks	high
104087	openSUSE Security Update : salt (openSUSE-2017-1183)	Nessus	SuSE Local Security Checks	high
104086	openSUSE Security Update : salt (openSUSE-2017-1182)	Nessus	SuSE Local Security Checks	high