Vulnerabilities in the Open-source and commercial Salt management framework

BW Online Bureau May 04, 2020

On April 30, F-Secure Labs published an advisory for two vulnerabilities (CVE-2020-11651 and CVE-2020-11652), in the open-source and commercial Salt management framework, which is used in data centres and cloud environments as a configuration, monitoring, and update tool. Shortly after the public disclosure of both critical vulnerabilities, exploitation attempts were observed, as two open-source projects were breached using these flaws.

Satnam Narang, Principal Research Engineer at Tenable said, "Active exploitation has been observed in the wild for two critical flaws in the Salt management framework, which is used in data centers and cloud environments to configure, monitor and update systems. This is achieved by a "master" server that can control agents called "minions." When combined, the two flaws can be used to gain remote command execution as root on both the master server and minions.

Attackers appear to have successfully utilized these vulnerabilities to breach the infrastructure of LineageOS, an open-source Android operating system, and Ghost, an open-source blogging platform. We believe additional successful attacks may be revealed in the coming days and weeks.

For organizations that use Salt in their environment, it's critically important to apply the available patches to vulnerable assets as soon as possible. If patching isn't possible, ensure that proper network security controls are in place for the Salt master."

DIGITAL INDIA

Sep 28, 2024

Genesys International Awarded Rs 35 Cr Projects By Neom, Saudi Geological Survey

2 mins read

DIGITAL INDIA

Jul 04, 2024

India’s Ambitious Smart Metering Programme Requires Smart Cybersecurity Measures

5 mins read

DIGITAL INDIA

Jun 24, 2024

Unlocking Opportunities: Strategies For Luxury Real Estate Investment In India

4 mins read

DIGITAL INDIA

Jan 09, 2024

Ayodhya Development Authority Adopts Genesys' New India Map Platform As Official Map

2 mins read

DIGITAL INDIA

Dec 19, 2023

Genesys International To Transform Dharavi With Cutting-edge Digital Twin Mapping Technology

2 mins read

DIGITAL INDIA

Dec 12, 2023

Digital Public Infrastructure Empowers 97% Of Indians With Digital ID, Sparks Startup Ecosystem Surge: Redseer Report

3 mins read

Vulnerabilities in the Open-source and commercial Salt management framework

Also Read

Lodha Posts Record Quarterly Pre-sales Of Rs 42.9 Bn

Manohar International Airport Introduces GOX Pass, India's First Passenger Privilege Programme

Genesys International Awarded Rs 35 Cr Projects By Neom, Saudi Geological Survey

Rajiv Gandhi International Airport Introduces Exclusive General Aviation Terminal For Private Aircraft Users

Royal Orchid Hotels Upgrades To Hotelogix To Take Their 100+ Properties To The Cloud

Indian Hospitality Sector Sees 4.8% Growth In Q2 2024: JLL Report

321 Crores allotted for Smart City Varanasi says CEO, Varanasi Smart City Dr Nitin Bansal

'Transforming An Ancient City Comes With Unique Challenges’

Ensure better implementation of projects: Khattar

Sweden runs out of garbage, imports from other countries!

Bhendi Bazaar: Systematic urban development is need of the hour

Now smart phones can tell about daily power consumption

NHAI Settles Rs 15,700 Crore Debt, Saves Rs 1,000 Crore In Interest

Concorde Acquires 4.5 Acres Land In Bengaluru With Investment of Rs 100 Cr

GMR Hyderabad International Airport Starts New Flight Service To Sindhudurg

Certus Capital Invests Rs. 130 Cr In Pune Commercial Real Estate Via Earnnest.Me

ArcelorMittal Nippon Steel India Celebrates ‘Safety Month’

Construction Of International Film City In YEIDA Set To Commence Within Two Months

Indian Office Space Sector Sees Revival, Surpasses Pre-COVID Levels in 2023: CREDAI Report

Pune Municipal Corporation Plans Rs 1,200 Cr Upgrade For STPs

Long-Awaited Mumbai Coastal Road Project Set For Partial Inauguration

Stay in the know with our newsletter