What is the severity of CVE-2017-14696?

CVE-2017-14696 has been classified as a moderate severity vulnerability due to its potential for causing a Denial of Service.

How do I fix CVE-2017-14696?

To fix CVE-2017-14696, upgrade SaltStack Salt to versions 2016.3.8, 2016.11.8, or 2017.7.2 or later.

What versions of SaltStack Salt are affected by CVE-2017-14696?

CVE-2017-14696 affects SaltStack Salt versions prior to 2016.3.8, 2016.11.8, and 2017.7.2.

Can CVE-2017-14696 be exploited remotely?

Yes, CVE-2017-14696 can be exploited remotely by delivering a specially crafted authentication request.

What type of attack can CVE-2017-14696 facilitate?

CVE-2017-14696 can facilitate a Denial of Service attack against the targeted SaltStack Salt instance.

Vulnerability/
CVE-2017-14696

high

7.5

CWE

20 400

11/10/2017

24/10/2017

17/5/2022

21/11/2024

CVE-2017-14696: Input Validation

First published: Wed Oct 11 2017(Updated: )

An input validation vulnerability with a specially crafted authentication request was discover in salt. A remote attacker can use this for a Denial of Service attack.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
SaltStack Salt	<=2016.3.7
SaltStack Salt	=2016.11
SaltStack Salt	=2016.11.0
SaltStack Salt	=2016.11.1
SaltStack Salt	=2016.11.1-rc1
SaltStack Salt	=2016.11.1-rc2
SaltStack Salt	=2016.11.2
SaltStack Salt	=2016.11.3
SaltStack Salt	=2016.11.4
SaltStack Salt	=2016.11.5
SaltStack Salt	=2016.11.6
SaltStack Salt	=2016.11.7
SaltStack Salt	=2017.7.0
SaltStack Salt	=2017.7.0-rc1
SaltStack Salt	=2017.7.1
redhat/salt	<2016.3.8	2016.3.8
redhat/salt	<2016.11.8	2016.11.8
redhat/salt	<2017.7.2	2017.7.2
pip/salt	>=2017.7.0<2017.7.2	2017.7.2
pip/salt	>=2016.11.0<2016.11.8	2016.11.8
pip/salt	<2016.3.8	2016.3.8
debian/salt

Remedy

https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-14696?
CVE-2017-14696 has been classified as a moderate severity vulnerability due to its potential for causing a Denial of Service.
How do I fix CVE-2017-14696?
To fix CVE-2017-14696, upgrade SaltStack Salt to versions 2016.3.8, 2016.11.8, or 2017.7.2 or later.
What versions of SaltStack Salt are affected by CVE-2017-14696?
CVE-2017-14696 affects SaltStack Salt versions prior to 2016.3.8, 2016.11.8, and 2017.7.2.
Can CVE-2017-14696 be exploited remotely?
Yes, CVE-2017-14696 can be exploited remotely by delivering a specially crafted authentication request.
What type of attack can CVE-2017-14696 facilitate?
CVE-2017-14696 can facilitate a Denial of Service attack against the targeted SaltStack Salt instance.

collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
agent/remedy
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-14696
agent/software-canonical-lookup
agent/severity
agent/weakness
collector/mitre-cve
source/MITRE
collector/security-tracker-debian
source/Debian
collector/usn-cve
source/Ubuntu
agent/softwarecombine
agent/event
agent/description
collector/github-advisory-latest
source/GitHub
alias/GHSA-657p-cj5r-mjrh
agent/references
collector/github-advisory
collector/nvd-cve
source/NVD
agent/last-modified-date
agent/trending
agent/tags
agent/source
vendor/saltstack
canonical/saltstack salt
version/saltstack salt/2016.3.7
version/saltstack salt/2016.11
version/saltstack salt/2016.11.0
version/saltstack salt/2016.11.1
version/saltstack salt/2016.11.1-rc1
version/saltstack salt/2016.11.1-rc2
version/saltstack salt/2016.11.2
version/saltstack salt/2016.11.3
version/saltstack salt/2016.11.4
version/saltstack salt/2016.11.5
version/saltstack salt/2016.11.6
version/saltstack salt/2016.11.7
version/saltstack salt/2017.7.0
version/saltstack salt/2017.7.0-rc1
version/saltstack salt/2017.7.1
package-manager/redhat
package-manager/debian
package-manager/pip