
Cisco Reveals Security Breach Affecting Servers Due To SaltStack Bugs

by ethhack

Cisco has once again made it to the news. This time, however, the reason is not bug fixes but a security breach. As revealed, criminals targeted Cisco servers by exploiting the SaltStack vulnerabilities.

Cisco Security Breach

Cisco recently announced a security breach affecting part of its IT infrastructure. Specifically, the breach affected some servers serving the backend infrastructure of Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE).

Cisco’s advisory notes that the affected servers were running the vulnerable salt-master service. The two SaltStack vulnerabilities disclosed earlier this month therefore allowed the hackers to breach the Cisco servers.

As stated in the advisory:

“Cisco Product Security Incident Response Team (PSIRT) became aware of additional attempted exploitation of these vulnerabilities in the wild.”

Consequently, the breach affected the Cisco Modeling Labs Corporate Edition (CML) and VIRL-PE.

Specifically, the affected servers were servicing Cisco VIRL-PE releases 1.2 and 1.3. The compromised servers include:

  • us-1.virl.info
  • us-2.virl.info
  • us-3.virl.info
  • us-4.virl.info
  • vsm-us-1.virl.info
  • vsm-us-2.virl.info

Cisco Released Fixes

Cisco detected the vulnerabilities earlier this month and then patched all the compromised servers on May 7, 2020.

According to the vendor, the two products, Cisco CML and VIRL-PE, can work either as a standalone deployment or in cluster mode. Cisco has therefore released fixes for both deployment options in Cisco CML and Cisco VIRL-PE software release 2.0, which does not run the salt-master service.

Given the exploitation attempts in the wild, Cisco has urged all users to update to the fixed software releases immediately. Users can check the status of the salt-master service by following the instructions given in Cisco’s advisory.

The SaltStack vulnerabilities surfaced online earlier this month. Shortly after the disclosure, hackers began exploiting the bugs to target various corporate networks. Consequently, LineageOS (a mobile OS vendor), DigiCert (a certificate authority), the Ghost blogging platform, Xen Orchestra, and the Algolia search service reported hacking attacks.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]