Description
Cisco released a security update on May 28th 2020 to address vulnerabilities in SaltStack. It is recommended that you take the necessary precautions by ensuring your products are always updated.
Cisco Modeling Labs Corporate Edition (CML)
Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE)
For more information on the SaltStack vulnerabilities you can follow the below url:
https://cyber.gc.ca/en/alerts/saltstack-vulnerabilities-actively-exploited
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
The Guyana National CIRT recommends that users and administrators review these guidelines and apply them where necessary.
Reference
Cisco Security Advisories (CVE-2020-11651, CVE-2020-11652) May 28th 2020
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
Cisco Releases Security Updates for CML and VIRL-PE , May 29th 2020. Retrieved from US-Cert
Cisco Releases Security Updates (June 01st 2020). Retrieved from CCIRC (Public Safety Canada)