cpe:/a:saltstack:salt:2015.8.12 cpe:/a:saltstack:salt:2016.3.0 cpe:/a:saltstack:salt:2016.3.1 cpe:/a:saltstack:salt:2016.3.2 cpe:/a:saltstack:salt:2016.3.3 cpe:/a:saltstack:salt:2016.3.4 cpe:/a:saltstack:salt:2016.11.0 cpe:/a:saltstack:salt:2016.11.1 cpe:/a:saltstack:salt:2016.11.2 CVE-2017-5200 2017-09-26T10:29:00.597-04:00 2019-10-02T20:03:26.223-04:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2017-10-06T09:47:41.267-04:00 CONFIRM https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html CONFIRM https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html CONFIRM https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.