Roundup Six Cisco-operated servers were hacked via SaltStack security vulnerabilities, the networking giant revealed this week.
The compromised systems act as the salt-master servers for releases 1.2 and 1.3 of Cisco's Virtual Internet Routing Lab Personal Edition (VIRL-PE) product, and customer installations connect to these Cisco-maintained backend boxes.
SaltStack is a tool for managing software running on remote systems, and issued security patches at the end of April for two vulnerabilities in its code that can be exploited to gain control of host computers. Cisco patched the six VIRL-PE salt-master boxes – us-1.virl.info, us-2.virl.info, us-3.virl.info, us-4.virl.info, vsm-us-1.virl.info, and vsm-us-2.virl.info – on May 7, and discovered they had been hacked.
According to an cisco hacked backend servers customer deployments compromised saltstack
