HomeCyber SecurityVulnerabilities in the Open-source and commercial Salt management framework

Vulnerabilities in the Open-source and commercial Salt management framework

On April 30, F-Secure Labs published an advisory for two vulnerabilities (CVE-2020-11651 and CVE-2020-11652), in the open-source and commercial Salt management framework, which is used in data centers and cloud environments as a configuration, monitoring, and update tool.
Shortly after the public disclosure of both critical vulnerabilities, exploitation attempts were observed, as two open-source projects were breached using these flaws.
Satnam Narang, Principal Research Engineer at Tenable said, “Active exploitation has been observed in the wild for two critical flaws in the Salt management framework, which is used in data centers and cloud environments to configure, monitor and update systems. This is achieved by a “master” server that can control agents called “minions.” When combined, the two flaws can be used to gain remote command execution as root on both the master server and minions.
Attackers appear to have successfully utilized these vulnerabilities to breach the infrastructure of LineageOS, an open-source Android operating system, and Ghost, an open-source blogging platform. We believe additional successful attacks may be revealed in the coming days and weeks.
For organizations that use Salt in their environment, it’s critically important to apply the available patches to vulnerable assets as soon as possible. If patching isn’t possible, ensure that proper network security controls are in place for the Salt master.
Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS