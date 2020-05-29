Cisco servers compromised using SaltStack flaws

By on
Cisco servers compromised using SaltStack flaws

Impacted six servers associated with older versions of a network simulation tool.

Cisco has revealed that six servers it operates in conjunction with earlier versions of its virtual internet routing lab personal edition (VIRL-PE) product were compromised following the disclosure of critical vulnerabilities in SaltStack.

Finnish security vendor F-Secure said earlier this month that critical vulnerabilities in SaltStack digital infrastructure automation systems were being exploited.

The flaws affect the SaltStack salt-master, which sends updates to salt minions that control servers.

Cisco said in an advisory that two of its products - Cisco modeling labs corporate edition (CML) and Cisco VIRL-PE - “incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities.”

VIRL-PE is described as a network modelling and simulation environment, while CML is similarly a network simulation platform.

Cisco advised that "CML and VIRL-PE software releases 2.0 and later do not run the salt-master service."

However, earlier versions are impacted in various ways spelled out by the advisory, depending on “how the product has been deployed” - and workarounds have been released.

“For any installation that is found with salt-master service running, Cisco would recommend either inspecting the machine for compromise or doing a re-image of the machine and installing the latest version of Cisco CML or Cisco VIRL-PE,” the vendor advised.

Cisco said its own infrastructure teams maintained the salt-master servers used with Cisco VIRL-PE, and that six of these were compromised using the SaltStack flaws.

“Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised,” it said.

“The servers were remediated on May 7, 2020.”

It listed the compromised servers as: us-1.virl.info, us-2.virl.info, us-3.virl.info, us-4.virl.info, vsm-us-1.virl.info and vsm-us-2.virl.info.

“Cisco VIRL-PE connects back to Cisco maintained Salt Servers that are running the salt-master service,” it said.

“These servers are configured to communicate with a different Cisco salt-master server, depending on which release of Cisco VIRL-PE software is running. 

“Administrators can check the configured Cisco salt-master server by navigating to VIRL Server > Salt Configuration and Status.”

Cisco added that its CML product “does not connect back to any Cisco maintained Salt servers”.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cisco network networking saltstack security simulation vulnerabilities
In Partnership With

Most Read Articles

Centrelink loses welfare payments overhaul chief

Centrelink loses welfare payments overhaul chief
Key EDS witness bought internet degree

Key EDS witness bought internet degree
Aussie Broadband to offer 'best effort' gigabit NBN plans for $149

Aussie Broadband to offer 'best effort' gigabit NBN plans for $149
Commonwealth Bank reveals new chief digital officer

Commonwealth Bank reveals new chief digital officer
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Why is DevSecOps important to your business?
Why is DevSecOps important to your business?
Architecting Hybrid IT & Edge for Digital Advantage
Architecting Hybrid IT & Edge for Digital Advantage
TechTarget: Organizations Increasing Their Adoption of NFV
TechTarget: Organizations Increasing Their Adoption of NFV
Modernise IT by Reducing Your Reliance on AD
Modernise IT by Reducing Your Reliance on AD
The Maturity of Zero Trust in Australia and New Zealand
The Maturity of Zero Trust in Australia and New Zealand

Events

Log In

Username / Email:
Password:
  |  Forgot your password?