Cisco security breach hits corporate servers that ran unpatched software


Cisco security breach hits corporate servers that ran unpatched software

Enlarge (credit: Prayitno / Flickr)

Six servers Cisco uses to provide a virtual networking service were compromised by hackers who exploited critical flaws contained in unpatched versions the open source software service relies on, the company disclosed on Thursday.

Got updates?

The May 7 compromise hit six Cisco servers that provide backend connectivity to the Virtual Internet Routing Lab Personal Edition (VIRL-PE), a Cisco service that lets customers design and test network topologies without having to deploy actual equipment. Both the VIRL-PE and a related service, Cisco Modeling Labs Corporate Edition, incorporate the Salt management framework, which contained a pair of bugs that, when combined, was critical. The vulnerabilities became public on April 30.

Cisco deployed the vulnerable servers on May 7, and they were compromised the same day. Cisco took them down and remediated them, also on May 7. The servers were:

Read 5 remaining paragraphs | Comments

index?i=NxFLROC4pT0:32UmibZWdbw:V_sGLiPB index?i=NxFLROC4pT0:32UmibZWdbw:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA

Source: https://arstechnica.com/?p=1679668
Proactive Computing found this story and shared it with you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.