SHARE
EnlargePrayitno / Flickr

Six servers Cisco uses to provide a virtual networking service were compromised by hackers who exploited critical flaws contained in unpatched versions the open source software service relies on, the company disclosed on Thursday.

Got updates?

The May 7 compromise hit six Cisco servers that provide backend connectivity to the Virtual Internet Routing Lab Personal Edition (VIRL-PE), a Cisco service that lets customers design and test network topologies without having to deploy actual equipment. Both the VIRL-PE and a related service, Cisco Modeling Labs Corporate Edition, incorporate the Salt management framework, which contained a pair of bugs that, when combined, was critical. The vulnerabilities became public on April 30.

Cisco deployed the vulnerable servers on May 7, and they were compromised the same day. Cisco took them down and remediated them, also on May 7. The servers were:

  • us-1.virl.info
  • us-2.virl.info
  • us-3.virl.info
  • us-4.virl.info
  • vsm-us-1.virl.info
  • vsm-us-2.virl.info

Cisco said that without updates any VIRL-PE or CML products that are deployed in standalone or cluster configurations will remain vulnerable to the same sorts of compromises. The company released software updates for the two vulnerable products. Cisco rated the severity of the vulnerabilities with a ranking of 10 out of 10 on the CVSS scale.

The Salt vulnerabilities are a CVE-2020-11651, an authentication bypass, and CVE-2020-11652, a directory traversal. Together, they allow unauthorized access to the entire file system of the master salt server that services using Salt rely on. F-Secure, the firm that discovered the vulnerabilities, has a good description of them here.

Join the club

Cisco and its customers are just a small sampling of those who have been bitten by the SaRead More – Source

[contf] [contfnew]

arstechnica

[contfnewc] [contfnewc]

LEAVE A REPLY

Please enter your comment!
Please enter your name here