Two well known critical vulnerabilities have been exploited by hackers in the open-source salt management framework. The bug permit complete remote code execution in data centres environments as root on servers. Cisco stated on 7 of May they corrected the compromised servers.
Although the company has released software updates for both vulnerable, on CVSS scale state the vulnerable is 10 out of 10 critical. F-Secure researchers first reported the bug in May 2014 to open salt team and till date, no update has provided. The bug has an effect on the salt-master services used to manage and run networking services on Cisco's VIRL-PE software.
In early May, hackers attacked the Ghost publisher network and Lineage OS via leveraging key bugs on SaltStack, and that is why the Cisco Cml and the Cisco VIRL-PE (software updates 1.5 and 1.6) have been introduced. Cisco has the ability to use the "salt-master service".
While they wait for an update from SaltStack .
