Morioh
Login
Sedrick Carroll

Sedrick Carroll

3 years ago

Attackers compromised six Cisco VIRL-PE servers that are affected by critical SaltStack vulnerabilities.

Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which are used in Cisco network-tooling products.

Two Cisco products incorporate a version of SaltStack that is running the vulnerable salt-master service. The first is Cisco Modeling Labs Corporate Edition (CML), which gives users a virtual sandbox environment to design and configure network topologies. The second is Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE), used to design, configure and operate networks using versions of Cisco’s network operating systems.

Hackers were able to successfully exploit the flaws incorporated in the latter product, resulting in the compromise of six VIRL-PE backend servers, according to Cisco. Those servers are: us-1.virl.info, us-2.virl.info, us-3.virl.info, us-4.virl.info, vsm-us-1.virl.info and vsm-us-2.virl.info.

“Cisco infrastructure maintains the salt-master servers that are used with Cisco VIRL-PE,” according to Cisco’s Thursday alert. “Those servers were upgraded on May 7, 2020. Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised.”

Cisco said the servers were remediated on May 7. The company also released software updates for the two vulnerable products. Cisco said that the update is “critical,” ranking it 10 out of 10 on the CVSS scale.

The SaltStack bugs were first made public by the Salt Open Core team on April 29. The flaws can allow full remote code execution as root on servers in data centers and cloud environments. They include an authentication bypass issue, tracked as CVE-2020-11651, and a directory-traversal flaw, CVE-2020-11652, where untrusted inputs (i.e. parameters in network requests) are not sanitized correctly. This in turn allows access to the entire file system of the master server, researchers found.

#breach #neural networks

Hackers Compromise Cisco Servers Via SaltStack Flaws

threatpost.com

Hackers Compromise Cisco Servers Via SaltStack Flaws

Hackers Compromise Cisco Servers Via SaltStack Flaws: Attackers compromised six Cisco VIRL-PE servers that are affected by critical SaltStack vulnerabilities.

1.25 GEEK