Here is what was found recently: attackers compromised Cisco servers and devices a number of times through the Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) platform. This service lets users create and build network topologies without installing the devices, which helps to test networks virtually.
The attackers exploited critical vulnerabilities in SaltStack, an open-source framework that is mainly used to deploy data center systems and automate their services.
Cisco also stated that Cisco Modeling Labs Corporate Edition (CML) is vulnerable to the same attacks, because it has the same version of SaltStack and runs the vulnerable Salt Master installation.
The information we gathered is: “CML is basically used by the user to simulate Cisco devices and third-party devices. VIRL-PE helps users to create infra and test virtual networks in a development and test environment easily.”
Vulnerable Cisco Products
Two products are mainly affected by the vulnerabilities:
- Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE)
- Cisco Modeling Labs Corporate Edition (CML)
The Main Servers Compromised
According to the company's report, the attackers managed to compromise and take control of six infrastructure servers:
- us-1.virl.info
- us-2.virl.info
- us-3.virl.info
- us-4.virl.info
- vsm-us-1.virl.info
- vsm-us-2.virl.info
An image from the news coverage shows a device where the salt-master service is enabled.
Where Cisco Lacks in Security:
The vulnerabilities are an authentication bypass, identified as CVE-2020-11651, and a directory traversal, identified as CVE-2020-11652.
Together, these two flaws can allow attackers to gain access to the entire file system of servers that are configured with SaltStack.
CVE-2020-11651: authentication bypass vulnerability
CVE-2020-11652: directory traversal vulnerability
On May 7, 2020, Cisco updated the compromised servers and checked them for the vulnerabilities that the patch fixes: the authentication bypass (CVE-2020-11651) and the directory traversal (CVE-2020-11652), which mainly affect SaltStack servers.
After that, Cisco released two essential updates for the VIRL-PE services, which also relate to the product Cisco Modeling Labs Corporate Edition. Security experts stated that the security flaws are present in any version of the services before the updates.
SaltStack is mainly meant to monitor servers and keep them updated automatically. Through its remote execution engine, it also allows commands to be run on multiple systems, using the master node to apply changes to the target servers.
Cisco is not the only company that cybercriminals have attacked using these vulnerabilities; earlier, attackers also hit other popular companies using the same security flaws.
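One way to triage an inventory of Salt masters for the two CVEs discussed above, as an added example (not code from Cisco, SaltStack or the original article). It classifies `salt-master --version` style output against the fixed releases 2019.2.4 and 3000.2, which come from the SaltStack advisory and are not stated on this page; the hostnames and version strings are constructed.

```python
import re

# Assumption (SaltStack advisory, not this page): CVE-2020-11651 and
# CVE-2020-11652 are fixed in Salt 2019.2.4 and 3000.2.
FIXED_DATE_BRANCH = (2019, 2, 4)
FIXED_3000_BRANCH = (3000, 2)

def parse_version(text):
    """Extract a Salt version tuple from `salt-master --version` style output."""
    m = re.search(r"\b(\d{4})(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)

def is_vulnerable(version):
    """True if the release predates the fix, None if the version is unknown."""
    if version is None:
        return None
    if version[0] >= 3001:
        return False  # released after the first fixed 3000.x build
    if version[0] == 3000:
        padded = version + (0,) * (2 - len(version))
        return padded < FIXED_3000_BRANCH
    # Date-based branches (for example 2018.3.x, 2019.2.x)
    padded = version + (0,) * (3 - len(version))
    return padded < FIXED_DATE_BRANCH

def audit(inventory):
    """Map each host to 'vulnerable', 'patched' or 'unknown'."""
    labels = {True: "vulnerable", False: "patched", None: "unknown"}
    return {h: labels[is_vulnerable(parse_version(out))] for h, out in inventory}

# Constructed sample inventory: (hostname, version command output)
SAMPLE = [
    ("lab-master-1.example.test", "salt-master 2019.2.0 (Fluorine)"),
    ("lab-master-2.example.test", "salt-master 2019.2.4 (Fluorine)"),
    ("lab-master-3.example.test", "salt-master 3000.1"),
    ("lab-master-4.example.test", "salt-master 3000.2"),
    ("lab-master-5.example.test", "salt-master 3001"),
    ("lab-master-6.example.test", "command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A host with a back-ported patch still reports its old version, so a "vulnerable" result means the host needs verification, and "unknown" means the output must be checked by hand.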