Subscribe Us

Cisco Servers Got hacked Via Unpatched  Vulnerabilities In SaltStack
Two well known critical vulnerabilities have been exploited by hackers in the open-source salt management framework. The bug permit complete remote code execution in data centres environments as root on servers. Cisco stated on 7 of May they corrected the compromised servers. 

Although the company has released software updates for both vulnerable, on  CVSS scale state the vulnerable is  10 out of 10 critical. F-Secure researchers first reported the bug in May 2014 to open salt team and till date, no update has provided. The bug has an effect on the salt-master services used to manage and run networking services on Cisco's VIRL-PE software.

In early May, hackers attacked the Ghost publisher network and Lineage OS via leveraging key bugs on SaltStack, and that is why the Cisco Cml and the Cisco VIRL-PE (software updates 1.5 and 1.6) have been introduced.  Cisco has the ability to use the "salt-master service".

While they wait for an update from SaltStack 

Post a Comment

Previous Post Next Post