Cisco published a detailed report on two critical vulnerabilities, CVE-2020-11651 and CVE-2020-11652. Cisco stated that the Salt Open Core team was notified in April about these vulnerabilities. CVE-2020-11651 is an Authentication Bypass Vulnerability and CVE-2020-11652 is a Directory Traversal Vulnerability.
Cisco CML and Cisco VIRL-PE
According to the report, these vulnerabilities affected Cisco Modeling Labs Corporate Edition (CML) and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE). Cisco identified that the Cisco-maintained salt-master servers servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised. The following servers were compromised:
Cisco announced that, if the salt-master is enabled for Cisco CML and Cisco VIRL-PE software releases 1.5 and 1.6, the exploitability of the product depends on how the product has been deployed. The salt-master must be reachable on TCP ports 4505 and 4506 to be exploited.
The Cisco security team recommends inspecting the machine for compromise, or re-imaging the machine and installing the latest version of Cisco CML or Cisco VIRL-PE. Users can check the status of the salt-master service on an installation of Cisco CML or Cisco VIRL-PE with the command:
sudo systemctl status salt-master
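
The status check above only shows whether the service is running; since exploitation requires the salt-master to be reachable on TCP ports 4505 and 4506, the listener bindings are worth checking as well. The following script is an added example, not part of Cisco's advisory or the original article: it parses `ss -ltn` output and reports salt-master ports bound to non-loopback addresses. The function name, the `--live` switch and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag salt-master listeners on 4505/4506 bound beyond loopback.

# Constructed sample of `ss -ltn` output (not taken from a real host).
SAMPLE_SS_OUTPUT=$(cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:4505       0.0.0.0:*
LISTEN 0      128    127.0.0.1:4506     0.0.0.0:*
LISTEN 0      128    [::]:4506          [::]:*
EOF
)

# Reads `ss -ltn` output on stdin; prints "<port> <address>" for every
# listener on 4505 or 4506 that is not bound to a loopback address.
exposed_salt_ports() {
    awk '
    $1 == "LISTEN" {
        la = $4                          # Local Address:Port column
        n = split(la, parts, ":")
        port = parts[n]                  # text after the last colon
        addr = substr(la, 1, length(la) - length(port) - 1)
        if (port != "4505" && port != "4506") next
        if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next   # loopback only
        print port " " addr
    }'
}

# Live check on the CML / VIRL-PE host: pass --live as the first argument.
if [ "${1:-}" = "--live" ]; then
    if systemctl is-active --quiet salt-master; then
        echo "salt-master: active"
    else
        echo "salt-master: not active"
    fi
    found=$(ss -ltn | exposed_salt_ports)
    if [ -n "$found" ]; then
        echo "salt-master ports bound to non-loopback addresses:"
        echo "$found"
    else
        echo "no non-loopback listener on 4505/4506"
    fi
fi
```

A port listed here may still be blocked by a host or network firewall, so treat the output as a list of bindings to verify against the deployment's filtering rules.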