CISCO-SA-SALT-2VX545AG
PUBLISHED
CVSS 10 CRITICAL
On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs:
- CVE-2020-11651: Authentication Bypass Vulnerability
- CVE-2020-11652: Directory Traversal Vulnerability

Cisco Modeling Labs Corporate Edition (CML), Cisco TelePresence IX5000 Series, and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities.

Cisco has released software updates that address these vulnerabilities. There are workarounds that address these vulnerabilities.
Risk Scores
CVSS 3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Virtual Internet Routing Lab | |
| Cisco | Cisco TelePresence IX5000 | |
| Cisco | Cisco Modeling Labs | |
Exploit Intelligence
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG (circl)
- https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html (circl)
- https://developer.cisco.com/modeling-labs/ (circl)
- https://www.cisco.com/c/en/us/products/end-user-license-agreement.html (circl)
- https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes (circl)
- https://www.cisco.com/go/psirt (circl)
- https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html (circl)
- https://software.cisco.com/download/navigator.html (circl)
- https://learningnetwork.cisco.com/s/question/0D53i00000U2ihwCAB/howto-upgrade-your-virtual-internet-routing-lab-instance-to-cisco-modeling-labs-personal-v20 (circl)
- http://get.virl.info/upgrd.1.3.php (circl)
Timeline
- May 28, 2020 CVE Published
- Jun 16, 2020 CVE Updated
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG advisory
- https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html url
- https://developer.cisco.com/modeling-labs/ url
- https://www.cisco.com/c/en/us/products/end-user-license-agreement.html url
- https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes url
- https://www.cisco.com/go/psirt url
- https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html url
- https://software.cisco.com/download/navigator.html url
- https://learningnetwork.cisco.com/s/question/0D53i00000U2ihwCAB/howto-upgrade-your-virtual-internet-routing-lab-instance-to-cisco-modeling-labs-personal-v20 url
- http://get.virl.info/upgrd.1.3.php url
- https://software.cisco.com fix