Cisco servers compromised using SaltStack flaws

By on
Cisco servers compromised using SaltStack flaws

Impacted six servers associated with older versions of a network simulation tool.

Cisco has revealed that six servers it operates in conjunction with earlier versions of its virtual internet routing lab personal edition (VIRL-PE) product were compromised following the disclosure of critical vulnerabilities in SaltStack.

Finnish security vendor F-Secure said earlier this month that critical vulnerabilities in SaltStack digital infrastructure automation systems were being exploited.

The flaws affect the SaltStack salt-master, which sends updates to salt minions that control servers.

Cisco said in an advisory that two of its products - Cisco modeling labs corporate edition (CML) and Cisco VIRL-PE - “incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities.”

VIRL-PE is described as a network modelling and simulation environment, while CML is similarly a network simulation platform.

Cisco advised that "CML and VIRL-PE software releases 2.0 and later do not run the salt-master service."

However, earlier versions are impacted in various ways spelled out by the advisory, depending on “how the product has been deployed” - and workarounds have been released.

“For any installation that is found with salt-master service running, Cisco would recommend either inspecting the machine for compromise or doing a re-image of the machine and installing the latest version of Cisco CML or Cisco VIRL-PE,” the vendor advised.

Cisco said its own infrastructure teams maintained the salt-master servers used with Cisco VIRL-PE, and that six of these were compromised using the SaltStack flaws.

“Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised,” it said.

“The servers were remediated on May 7, 2020.”

It listed the compromised servers as: us-1.virl.info, us-2.virl.info, us-3.virl.info, us-4.virl.info, vsm-us-1.virl.info and vsm-us-2.virl.info.

“Cisco VIRL-PE connects back to Cisco maintained Salt Servers that are running the salt-master service,” it said.

“These servers are configured to communicate with a different Cisco salt-master server, depending on which release of Cisco VIRL-PE software is running. 

“Administrators can check the configured Cisco salt-master server by navigating to VIRL Server > Salt Configuration and Status.”

Cisco added that its CML product “does not connect back to any Cisco maintained Salt servers”.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cisco network networking saltstack security simulation vulnerabilities

Most Read Articles

Researchers say not to use myGovID until login flaw is fixed

Researchers say not to use myGovID until login flaw is fixed
DOS Subsystem for Linux breaks cover

DOS Subsystem for Linux breaks cover
Optus, Vocus score first deals in ATO telco carve-up

Optus, Vocus score first deals in ATO telco carve-up
NBN Co to spend $3bn upgrading half of FTTN network to full fibre

NBN Co to spend $3bn upgrading half of FTTN network to full fibre
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

A Migration Guide For Businesses Switching Mobile Device Management Solutions
A Migration Guide For Businesses Switching Mobile Device Management Solutions
Plan your post-COVID security strategy
Plan your post-COVID security strategy
The Executive's Guide To The Future Of Work
The Executive's Guide To The Future Of Work
Government Digital Transformation Requires Customer Obsession
Government Digital Transformation Requires Customer Obsession
Master the fundamentals of AWS cost efficiency
Master the fundamentals of AWS cost efficiency

Events

Log In

Username / Email:
Password:
  |  Forgot your password?