Risk:  Unauthorized User can bypass the authentication.

vulnerable parties: Companies using Cisco products with the vulnerable software release:

  • Cisco Modeling Labs Corporate Edition(CML)
  • Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE)

Flaw Description: An unauthorized user can access the server contents by bypassing authentication. it can result in mass data breach and other things.

Recommendations: Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license.

Products vulnerable: The following servers were compromised:

  • us-1.virl.info
  • us-2.virl.info
  • us-3.virl.info
  • us-4.virl.info
  • vsm-us-1.virl.info
  • vsm-us-2.virl.info

Documentation: Documentation can be found here: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG

JBS, the world’s meat producer shelled out $11 million dollars in ransom to hackers.
What happened? JBS USA [part of J.B.S S.A group] confirmed that the …
CoWin Website hacked and 150 million registered user database stolen.
What Happened? A recent claim has been made on the dark web …
Bizongo, mumbai based Indian Supply chain suffered data breach.
What happened? Bizongo, India's mumbai based supply chain giant was recently discovered …
Upstox, India’s 2nd largest stockbroker hit by cyberattack.
What happened? According to the reports, Upstox, a stockbroker in India has …

By Siddhant Pathak

Cyber security architect, 7+ years experience in cyber security industry, Tech savy, Nature lover, Bullet 350 rider

One thought on “Cisco: CVE-2020-11651 SaltStack FrameWork”

Have some thoughts? why not share with us here.