An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
Published 2021-02-27 05:15:14
Updated 2023-12-21 18:22:27
Source MITRE
View at NVD,   CVE.org
Vulnerability category: BypassGain privilege

Products affected by CVE-2021-25281

Exploit prediction scoring system (EPSS) score for CVE-2021-25281

85.92%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2021-25281

  • SaltStack Salt API Unauthenticated RCE through wheel_async client
    Disclosure Date: 2021-02-25
    First seen: 2021-03-31
    exploit/linux/http/saltstack_salt_wheel_async_rce
    This module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the `master` as the root user. Every 60 seconds, `salt-master` service performs a maintenance proces

CVSS scores for CVE-2021-25281

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST

CWE ids for CVE-2021-25281

  • When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-25281

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!