CVE-2016-3176
published 2017-01-31

Priority: P431 medium
CVSS 3.0: 5.6 (AV:N / AC:H / PR:N / UI:N / S:U / C:L / I:L / A:L)
EPSS: 0.87% (54.3th percentile)
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.

Affected

11 ranges

Vendor | Product | Version range | Fixed in
saltstack | salt | <= 2015.5.9 |
saltstack | salt | |
saltstack | salt | |
saltstack | salt | |
saltstack | salt | |
saltstack | salt | |
saltstack | salt | |
saltstack | salt | |
saltstack | salt | >= 0 < 2015.5.10 | 2015.5.10
saltstack | salt | >= 0 < 0.17.5+ds-1ubuntu0.1~esm5 | 0.17.5+ds-1ubuntu0.1~esm5
saltstack | salt | >= 2015.8 < 2015.8.8 | 2015.8.8

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 5.6 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N
osv | | 3.3 | LOW |
vendor_redhat | | 5.6 | MEDIUM |
vendor_ubuntu | | 3.3 | LOW |