Risk: Unauthorized User can bypass the authentication.
vulnerable parties: Companies using Cisco products with the vulnerable software release:
- Cisco Modeling Labs Corporate Edition(CML)
- Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE)
Flaw Description: An unauthorized user can access the server contents by bypassing authentication. it can result in mass data breach and other things.
Recommendations: Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license.
Products vulnerable: The following servers were compromised:
Documentation: Documentation can be found here: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
One thought on “Cisco: CVE-2020-11651 SaltStack FrameWork”
[…] Cisco: CVE-2020-11651 SaltStack FrameWork […]