Cisco Announces Patches to SaltStack

Published: 23/11/2024   Category: security


The patches came after Cisco was notified by the Salt Open Core team that the vulnerabilities and updates were available.



Cisco recently patched vulnerabilities in its SaltStack Framework after Salt master servers were compromised. The pair of vulnerabilities, CVE-2020-11651 and CVE-2020-11652, were discovered and patched by the Salt community, which found some 6,000 Salt masters globally that were affected. The vulnerabilities have been given a Common Vulnerability Scoring System (CVSS) score of 10, indicating that they are critical.
The vulnerabilities could allow a remote user to run arbitrary commands and access methods or directory paths for which they aren't authorized. This is possible because the affected software versions do not properly authorize certain users or sanitize particular commands.
Cisco Modeling Labs Corporate Edition (CML) and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the Salt master service that is affected by these vulnerabilities.
Salt is open source software for automating networking and security functions based on events and specific configurations. SaltStack is an implementation of Salt. Written in Python, it is widely used in network administration and security.
Cisco and the Salt community recommend that users immediately update software and harden their Salt environments.