Cisco servers compromised using SaltStack flaws

By on
Cisco servers compromised using SaltStack flaws

Impacted six servers associated with older versions of a network simulation tool.

Cisco has revealed that six servers it operates in conjunction with earlier versions of its virtual internet routing lab personal edition (VIRL-PE) product were compromised following the disclosure of critical vulnerabilities in SaltStack.

Finnish security vendor F-Secure said earlier this month that critical vulnerabilities in SaltStack digital infrastructure automation systems were being exploited.

The flaws affect the SaltStack salt-master, which sends updates to salt minions that control servers.

Cisco said in an advisory that two of its products - Cisco modeling labs corporate edition (CML) and Cisco VIRL-PE - “incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities.”

VIRL-PE is described as a network modelling and simulation environment, while CML is similarly a network simulation platform.

Cisco advised that "CML and VIRL-PE software releases 2.0 and later do not run the salt-master service."

However, earlier versions are impacted in various ways spelled out by the advisory, depending on “how the product has been deployed” - and workarounds have been released.

“For any installation that is found with salt-master service running, Cisco would recommend either inspecting the machine for compromise or doing a re-image of the machine and installing the latest version of Cisco CML or Cisco VIRL-PE,” the vendor advised.

Cisco said its own infrastructure teams maintained the salt-master servers used with Cisco VIRL-PE, and that six of these were compromised using the SaltStack flaws.

“Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised,” it said.

“The servers were remediated on May 7, 2020.”

It listed the compromised servers as: us-1.virl.info, us-2.virl.info, us-3.virl.info, us-4.virl.info, vsm-us-1.virl.info and vsm-us-2.virl.info.

“Cisco VIRL-PE connects back to Cisco maintained Salt Servers that are running the salt-master service,” it said.

“These servers are configured to communicate with a different Cisco salt-master server, depending on which release of Cisco VIRL-PE software is running. 

“Administrators can check the configured Cisco salt-master server by navigating to VIRL Server > Salt Configuration and Status.”

Cisco added that its CML product “does not connect back to any Cisco maintained Salt servers”.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cisco network networking saltstack security simulation vulnerabilities

Sponsored Whitepapers

Empowering workforces in the new environment
Empowering workforces in the new environment
Is the technology refresh dead?
Is the technology refresh dead?
DevSecOps: A framework for digital innovation
DevSecOps: A framework for digital innovation
Encryption: Protect your most critical data
Encryption: Protect your most critical data
Overcoming data security challenges in a hybrid, multicloud world
Overcoming data security challenges in a hybrid, multicloud world

Events

Most Read Articles

Aussie Broadband says some customers are switching providers to get high-speed NBN discounts

Aussie Broadband says some customers are switching providers to get high-speed NBN discounts
Aussie Broadband to white label its services

Aussie Broadband to white label its services
Swinburne University data breach exposes details of 5000 staff, students

Swinburne University data breach exposes details of 5000 staff, students
ATO loses its cyber security chief

ATO loses its cyber security chief
You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?