Hackers Compromise Cisco Servers Via SaltStack Flaws

2020-05-28 20:51

Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities.

Hackers were able to successfully exploit the flaws incorporated in the latter product, resulting in the compromise of six VIRL-PE backend servers, according to Cisco.

"Cisco infrastructure maintains the salt-master servers that are used with Cisco VIRL-PE," according to Cisco's Thursday alert.

"Those servers were upgraded on May 7, 2020. Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised."

Cisco said that for Cisco CML and Cisco VIRL-PE if the salt-master service is enabled "The exploitability of the product depends on how the product has been deployed." A full list of the impact and recommended action for each deployment option, for each Cisco software release, can be found on Cisco's alert.

News URL

https://threatpost.com/hackers-compromise-cisco-servers-saltstack/156091/

#cisco #compromise #hacker #server

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		2030	21	1772	1668	288	3749
Saltstack		5	2	11	17	18	48

News URL

Related news

Related vendor