⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies were required to patch by 2022-05-03. Required action: Apply updates per vendor instructions.

CVE-2020-16846

CWE-78: OS Command Injection | 17 documents | 11 sources

Severity: 9.8 CRITICAL
EPSS: 94.4% (top 0.03%)
CISA KEV: Added 2021-11-03, due 2022-05-03
Exploit: Exploited in the wild; active exploitation observed

Timeline
Published: Nov 6
KEV added: Nov 3
KEV due: May 3
Latest update: Mar 3

CISA Required Action: Apply updates per vendor instructions.

Description

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (4 packages)

Source | Package | Versions
NVD | saltstack/salt | 2015.8.11 to 2015.8.13 (+14 more)
PyPI | salt | 2016.3.0 to 2016.3.8 (+21 more)
Ubuntu | salt | < 2015.8.8+ds-1ubuntu0.1+esm2 (+1 more)
NVD | opensuse/leap | 15.1

Also affects: Debian Linux 10.0, 9.0, Fedora 31

🔴 Vulnerability Details (6)

OSV: salt vulnerabilities (2024-08-08)
GHSA: SaltStack Salt Command Injection in netapi ssh client (2022-05-24)
OSV: SaltStack Salt Command Injection in netapi ssh client (2022-05-24)
CVEList: CVE-2020-16846: An issue was discovered in SaltStack Salt through 3002 (2020-11-06)
OSV: CVE-2020-16846: An issue was discovered in SaltStack Salt through 3002 (2020-11-06)

💥 Exploits & PoCs (1)

Nuclei: SaltStack <=3002 - Shell Injection

🔍 Detection Rules (4)

Suricata: ET EXPLOIT SaltStack Salt Exploitation Inbound M2 (CVE-2020-16846) (2025-03-03)
Suricata: ET EXPLOIT SaltStack Salt Exploitation Inbound M4 (CVE-2020-16846) (2025-03-03)
Suricata: ET EXPLOIT SaltStack Salt Exploitation Inbound M3 (CVE-2020-16846) (2025-03-03)
Suricata: ET EXPLOIT SaltStack Salt Exploitation Inbound M1 (CVE-2020-16846) (2021-01-07)

📋 Vendor Advisories (4)

Ubuntu: Salt vulnerability (2025-01-06)
Ubuntu: Salt vulnerabilities (2024-08-08)
CISA: SaltStack Salt Shell Injection Vulnerability (2021-11-03)
Red Hat: salt: sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection (2020-11-03)