Risk: Directory Traversal Vulnerability.
Vulnerable parties: Companies using Cisco products with the vulnerable software release:
- Cisco Modeling Labs Corporate Edition (CML)
- Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE)
Flaw Description: An unauthorized user can traverse directories to access server contents they are not permitted to reach. This can result in damage to data, wiping of data, and more.
Recommendations: Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license.
Products vulnerable: The following servers were compromised:
- us-1.virl.info
- us-2.virl.info
- us-3.virl.info
- us-4.virl.info
- vsm-us-1.virl.info
- vsm-us-2.virl.info
Documentation: Documentation can be found here: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG