Risk: An unauthorized user can bypass authentication.
Vulnerable parties: Companies using Cisco products with the vulnerable software release:
- Cisco Modeling Labs Corporate Edition (CML)
- Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE)
Flaw Description: An unauthorized user can access the server contents by bypassing authentication. This can result in a mass data breach, among other impacts.
Recommendations: Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license.
Products vulnerable: The following servers were compromised:
- us-1.virl.info
- us-2.virl.info
- us-3.virl.info
- us-4.virl.info
- vsm-us-1.virl.info
- vsm-us-2.virl.info
Documentation: Documentation can be found here: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG