Hackers Compromise Cisco Servers Via SaltStack Flaws
Cisco disclosed on Thursday that six of its VIRL-PE servers were compromised after threat actors used critical SaltStack vulnerabilities in a targeted attack. Cisco stated that the attackers used to known vulnerabilities that exist in the open-source Salt management framework and are used in Cisco products. Two Cisco products still use a vulnerable version of SaltStack, Modeling Labs Corporate Edition, and Cisco Virtual Internet Routing Lab Personal Edition.
In the second product, hackers exploited the flaws and subsequently compromised six Cisco servers. Cisco announced that the servers were remediated on May 7 in an alert published this Thursday. The company has since released software updates for the two products involved in the attack, ranking the vulnerabilities a 10 out of 10 on the CVSS scale and advising consumers to update products immediately.