
    Hackers exploit flaws on Cisco servers via SaltStack

    Cyber attackers have taken advantage of flaws in the open-source SaltStack management framework, which Cisco uses in its network-tooling products. The vulnerable salt-master service currently runs on two Cisco products: Cisco Modeling Labs Corporate Edition (CML) and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE). The former gives users a virtual sandbox environment to design and configure network topologies, while the latter is for designing, configuring, and operating networks using versions of Cisco’s network operating systems.

    Attackers exploited the flaws in the latter, compromising six VIRL-PE backend servers: us-1.virl.info, us-2.virl.info, us-3.virl.info, us-4.virl.info, us-5.virl.info, and us-6.virl.info.

    If the salt-master service is enabled on either of these products, exploitability depends on how the product has been deployed.

     

    A full list of the impact and recommended action for each deployment option, for each Cisco software release, can be found in Cisco’s alert.

     

    F-Secure researchers predicted an imminent attack when they discovered the flaw after the release of patches by SaltStack. SaltStack released patches for the flaw in release 3000.2, on April 30. However, a preliminary scan revealed more than 6,000 potentially vulnerable Salt instances exposed to the public.

    It seems the predictions are coming true, as a series of attacks has started to take place. For instance, at the beginning of May, hackers were able to launch a crypto-jacking attack using the Ghost publishing servers. Also, they exploited the vulnerabilities in SaltStack used by the platform, which led to widespread outages.

     

    According to Cisco’s Thursday alert, “Cisco infrastructure maintains the salt-master servers used with Cisco VIRL-PE. The upgrade of the servers was on May 7, 2020. Cisco identified that the Cisco-maintained salt-master servers which are servicing Cisco VIRL-PE release 1.2 and 1.3 were compromised.”

     

    Cisco also said that “to be exploited, the salt-master service must be reachable on TCP ports 4505 and 4506.” The company added that administrators could check their configured Cisco salt-master server by navigating to VIRL Server > Salt Configuration and Status.

     

    Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate these vulnerabilities.
