iTnews

Cisco servers compromised using SaltStack flaws

By Staff Writer on May 29, 2020 6:03AM

Impacted six servers associated with older versions of a network simulation tool.

Cisco has revealed that six servers it operates in conjunction with earlier versions of its Virtual Internet Routing Lab Personal Edition (VIRL-PE) product were compromised following the disclosure of critical vulnerabilities in SaltStack.

Finnish security vendor F-Secure said earlier this month that critical vulnerabilities in SaltStack digital infrastructure automation systems were being exploited.

The flaws affect the SaltStack salt-master, which sends updates to salt minions that control servers.

Cisco said in an advisory that two of its products - Cisco Modeling Labs Corporate Edition (CML) and Cisco VIRL-PE - “incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities.”

VIRL-PE is described as a network modelling and simulation environment, while CML is similarly a network simulation platform.

Cisco advised that "CML and VIRL-PE software releases 2.0 and later do not run the salt-master service."

However, earlier versions are impacted in various ways spelled out by the advisory, depending on “how the product has been deployed” - and workarounds have been released.

“For any installation that is found with salt-master service running, Cisco would recommend either inspecting the machine for compromise or doing a re-image of the machine and installing the latest version of Cisco CML or Cisco VIRL-PE,” the vendor advised.

Cisco said its own infrastructure teams maintained the salt-master servers used with Cisco VIRL-PE, and that six of these were compromised using the SaltStack flaws.

“Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised,” it said.

“The servers were remediated on May 7, 2020.”

It listed the compromised servers as: us-1.virl.info, us-2.virl.info, us-3.virl.info, us-4.virl.info, vsm-us-1.virl.info and vsm-us-2.virl.info.

“Cisco VIRL-PE connects back to Cisco maintained Salt Servers that are running the salt-master service,” it said.

“These servers are configured to communicate with a different Cisco salt-master server, depending on which release of Cisco VIRL-PE software is running. 

“Administrators can check the configured Cisco salt-master server by navigating to VIRL Server > Salt Configuration and Status.”

Cisco added that its CML product “does not connect back to any Cisco maintained Salt servers”.
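The check Cisco describes through the VIRL-PE interface can also be run against the text of a Salt minion configuration. The following is an added example, not code from Cisco or the article: it reads the standard Salt `master` option and flags any of the six hostnames listed above. The sample configuration and the names `salt.example.internal` and `virl-lab-01` are constructed, and the article does not say where the file sits on a VIRL-PE host.

```python
import re
# The six hostnames the article lists as compromised salt-master servers.
COMPROMISED_MASTERS = {
    "us-1.virl.info", "us-2.virl.info", "us-3.virl.info", "us-4.virl.info",
    "vsm-us-1.virl.info", "vsm-us-2.virl.info",
}

def _clean(value):
    """Normalise a YAML scalar: drop inline comment, quotes, case, trailing dot."""
    value = re.sub(r"\s+#.*$", "", value).strip()
    return value.strip("'\"").lower().rstrip(".")

def configured_masters(config_text):
    """Return hosts from the top-level `master:` key (scalar, [a, b] or block list)."""
    masters, in_block = [], False
    for line in config_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if in_block:
            item = re.match(r"\s*-\s+(.*)$", line)
            if item:
                masters.append(_clean(item.group(1)))
                continue
            in_block = False
        key = re.match(r"master\s*:(.*)$", line)
        if not key:
            continue
        value = re.sub(r"\s+#.*$", "", key.group(1)).strip()
        if not value:
            in_block = True          # block list follows on the next lines
        elif value.startswith("["):
            masters += [_clean(v) for v in value.strip("[]").split(",") if v.strip()]
        else:
            masters.append(_clean(value))
    return masters

def flag_compromised(config_text):
    """Return the configured masters that are on the article's list, sorted."""
    return sorted(set(configured_masters(config_text)) & COMPROMISED_MASTERS)

# Constructed sample minion configuration, not taken from a real VIRL-PE host.
SAMPLE_MINION_CONF = """\
master:
  - us-1.virl.info
  - salt.example.internal   # hypothetical local master
id: virl-lab-01
"""
if __name__ == "__main__":
    print(flag_compromised(SAMPLE_MINION_CONF))
```

A match shows only that the installation was configured to use one of the servers Cisco listed; whether the local machine needs inspection or a re-image follows the advisory's guidance quoted above.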
