Cisco security breach hits corporate servers that ran unpatched software

 In Biz & IT, Cisco, open source, salt, security breaches, servers

Cisco security breach hits corporate servers that ran unpatched software

Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Cisco security breach hits corporate servers that ran unpatched software

Enlarge (credit: Prayitno / Flickr)

Six servers Cisco uses to provide a virtual networking service were compromised by hackers who exploited critical flaws contained in unpatched versions the open source software service relies on, the company disclosed on Thursday.

Got updates?

The May 7 compromise hit six Cisco servers that provide backend connectivity to the Virtual Internet Routing Lab Personal Edition (VIRL-PE), a Cisco service that lets customers design and test network topologies without having to deploy actual equipment. Both the VIRL-PE and a related service, Cisco Modeling Labs Corporate Edition, incorporate the Salt management framework, which contained a pair of bugs that, when combined, was critical. The vulnerabilities became public on April 30.

Cisco deployed the vulnerable servers on May 7, and they were compromised the same day. Cisco took them down and remediated them, also on May 7. The servers were:

Read 5 remaining paragraphs | Comments

Cisco is one of many to get bitten by vulnerabilities in open source Salt manager.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt