Cisco Announces Patches to SaltStack

The patches came after Cisco was notified by the Salt Open Core team that the vulnerabilities and updates were available.

Cisco recently patched vulnerabilities in its SaltStack Framework after Salt master servers were compromised. The pair of vulnerabilities, CVE-2020-11651 and CVE-2020-11652, were discovered and patched by the Salt community, which found some 6,000 Salt masters globally that were affected. The vulnerabilities have been given a Common Vulnerability Scoring System (CVSS) score of 10, indicating that they are critical.
The vulnerabilities could allow a remote user to run arbitrary commands and access methods or directory paths for which they arent authorized. This is possible because the affected software versions do not properly authorize certain users and sanitize particular commands.
Cisco Modeling Labs Corporate Edition (CML) and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the Salt master service that is affected by these vulnerabilities.
Salt is open source software for automating networking and security functions based on events and specific configurations. SaltStack is an implementation of Salt. Written in Python, it is widely used in network administration and security.
Cisco and the Salt community recommend that users immediately update software and
harden their Salt environments
.
For more, read
here
and
here
.

Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that really bad day in cybersecurity. Click for
more information and to register
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Cisco Announces Patches to SaltStack