Cisco servers compromised using SaltStack flaws

By on
Cisco servers compromised using SaltStack flaws

Impacted six servers associated with older versions of a network simulation tool.

Cisco has revealed that six servers it operates in conjunction with earlier versions of its virtual internet routing lab personal edition (VIRL-PE) product were compromised following the disclosure of critical vulnerabilities in SaltStack.

Finnish security vendor F-Secure said earlier this month that critical vulnerabilities in SaltStack digital infrastructure automation systems were being exploited.

The flaws affect the SaltStack salt-master, which sends updates to salt minions that control servers.

Cisco said in an advisory that two of its products - Cisco modeling labs corporate edition (CML) and Cisco VIRL-PE - “incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities.”

VIRL-PE is described as a network modelling and simulation environment, while CML is similarly a network simulation platform.

Cisco advised that "CML and VIRL-PE software releases 2.0 and later do not run the salt-master service."

However, earlier versions are impacted in various ways spelled out by the advisory, depending on “how the product has been deployed” - and workarounds have been released.

“For any installation that is found with salt-master service running, Cisco would recommend either inspecting the machine for compromise or doing a re-image of the machine and installing the latest version of Cisco CML or Cisco VIRL-PE,” the vendor advised.

Cisco said its own infrastructure teams maintained the salt-master servers used with Cisco VIRL-PE, and that six of these were compromised using the SaltStack flaws.

“Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised,” it said.

“The servers were remediated on May 7, 2020.”

It listed the compromised servers as: us-1.virl.info, us-2.virl.info, us-3.virl.info, us-4.virl.info, vsm-us-1.virl.info and vsm-us-2.virl.info.

“Cisco VIRL-PE connects back to Cisco maintained Salt Servers that are running the salt-master service,” it said.

“These servers are configured to communicate with a different Cisco salt-master server, depending on which release of Cisco VIRL-PE software is running. 

“Administrators can check the configured Cisco salt-master server by navigating to VIRL Server > Salt Configuration and Status.”

Cisco added that its CML product “does not connect back to any Cisco maintained Salt servers”.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cisco network networking saltstack security simulation vulnerabilities

Sponsored Whitepapers

The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation
How to choose a WAF that's right for you
How to choose a WAF that's right for you
The global telco 5G cloud gaming opportunity
The global telco 5G cloud gaming opportunity

Events

Most Read Articles

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it
Defence switches on initial SAP ERP system capability

Defence switches on initial SAP ERP system capability
Tyro halts trading following week-long outage

Tyro halts trading following week-long outage
Woolworths to build a platform to host subscription-based services

Woolworths to build a platform to host subscription-based services
You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?