CVE-2020-11652 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADP	ADP	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
saltstack	salt	𝑥 < 2019.2.4
saltstack	salt	3000 ≤ 𝑥 < 3000.2
opensuse	leap	15.1
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
blackberry	workspaces_server	𝑥 ≤ 7.1.3
blackberry	workspaces_server	8.0.0 ≤ 𝑥 ≤ 8.2.6
blackberry	workspaces_server	9.1.0
vmware	application_remote_collector	7.5.0
vmware	application_remote_collector	8.0.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

salt

bionic	Fixed 2017.7.4+dfsg1-1ubuntu18.04.2 released
eoan	ignored
focal	dne
jammy	not-affected
kinetic	not-affected
lunar	dne
mantic	dne
noble	dne
trusty	Fixed 0.17.5+ds-1ubuntu0.1~esm2 released
xenial	Fixed 2015.8.8+ds-1ubuntu0.1 released

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html

http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html

http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html

http://support.blackberry.com/kb/articleDetail?articleNumber=000063758

http://www.vmware.com/security/advisories/VMSA-2020-0009.html

https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html

https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst

https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG

https://usn.ubuntu.com/4459-1/

https://www.debian.org/security/2020/dsa-4676

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html

http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html

http://packetstormsecurity.com/files/157678/SaltStack-Salt-Master-Minion-Unauthenticated-Remote-Code-Execution.html

http://support.blackberry.com/kb/articleDetail?articleNumber=000063758

http://www.vmware.com/security/advisories/VMSA-2020-0009.html

https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html

https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst

https://lists.debian.org/debian-lts-announce/2020/05/msg00027.html

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG

https://usn.ubuntu.com/4459-1/

https://www.debian.org/security/2020/dsa-4676

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11652