Thursday Cisco disclosed a security breach that impacted a small part of its backend infrastructure and two of its commercial products also bundling the SaltStack software package as part of their firmware.
Cisco said that hackers used a vulnerability in the SaltStack software package, which Cisco bundles with some products, to gain access to six servers… The six servers provide the backend infrastructure for VIRL-PE (Internet Routing Lab Personal Edition), a Cisco service that lets users model and create virtual network architectures to test network setups before deploying equipment in real situations. “Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised,” the company said Thursday.
Cisco said it patched and remediated all hacked VIRL-PE servers on May 7, when it deployed updates for the SaltStack software. However, the issue isn’t localized to Cisco’s backend infrastructure alone. Cisco says that two of its commercial products also bundle the SaltStack software package as part of their firmware. These are the aforementioned Cisco VIRL-PE, and Cisco Modeling Labs Corporate Edition (CML), another network modeling tool. Both VIRL-PE and CML can be used in Cisco-hosted and on-premise scenarios. In case companies use the two products on location, Cisco says CML and VIRL-PE need to be patched.