Cisco Servers Got hacked Via Unpatched Vulnerabilities In SaltStack

Cisco Servers Got hacked Via Unpatched  Vulnerabilities In SaltStack
Two well known critical vulnerabilities have been exploited by hackers in the open-source salt management framework. The bug permit complete remote code execution in data centres environments as root on servers. Cisco stated on 7 of May they corrected the compromised servers. 

Although the company has released software updates for both vulnerable, on  CVSS scale state the vulnerable is  10 out of 10 critical. F-Secure researchers first reported the bug in May 2014 to open salt team and till date, no update has provided. The bug has an effect on the salt-master services used to manage and run networking services on Cisco's VIRL-PE software.

In early May, hackers attacked the Ghost publisher network and Lineage OS via leveraging key bugs on SaltStack, and that is why the Cisco Cml and the Cisco VIRL-PE (software updates 1.5 and 1.6) have been introduced.  Cisco has the ability to use the "salt-master service".

While they wait for an update from SaltStack 




Previous Post Next Post

Found this article interesting? Follow Hackers Review on Facebook, Twitter  and Telegram to read more exclusive content we post.