CVE-2017-14696

moderate-risk
Published 2017-10-24

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.

Do I need to act?

~
1.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (15)

Affected Vendors

Saltstack

References (14)

Issue Tracking http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html
Issue Tracking http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1500742
Issue Tracking https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
Issue Tracking https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
Issue Tracking https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
Issue Tracking https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5...
Issue Tracking http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html
Issue Tracking http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1500742
Issue Tracking https://docs.saltstack.com/en/latest/topics/releases/2016.11.8.html
Issue Tracking https://docs.saltstack.com/en/latest/topics/releases/2016.3.8.html
Issue Tracking https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
Issue Tracking https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5...
49
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 5/34 · Minimal
Exposure 18/34 · Moderate