Cisco Servers Got hacked Via Unpatched Vulnerabilities In SaltStack

0 16
Avatar for Secure
Written by
4 years ago


Two well known critical vulnerabilities have been exploited by hackers in the open-source salt management framework. The bug permit complete remote code execution in data centres environments as root on servers. Cisco stated on 7 of May they corrected the compromised servers. 

Although the company has released software updates for both vulnerable, on  CVSS scale state the vulnerable is  10 out of 10 critical. F-Secure researchers first reported the bug in May 2014 to open salt team and till date, no update has provided. The bug has an effect on the salt-master services used to manage and run networking services on Cisco's VIRL-PE software.

In early May, hackers attacked the Ghost publisher network and Lineage OS via leveraging key bugs on SaltStack, and that is why the Cisco Cml and the Cisco VIRL-PE (software updates 1.5 and 1.6) have been introduced.  Cisco has the ability to use the "salt-master service".

While they wait for an update from SaltStack .

More Articles on Cybersecuirty news

2
$ 0.01
$ 0.01 from @TheRandomRewarder
Sponsors of Secure
empty
empty
empty

Comments