Lucene search

K
ciscoCiscoCISCO-SA-SALT-2VX545AG
HistoryMay 28, 2020 - 4:00 p.m.

SaltStack FrameWork Vulnerabilities Affecting Cisco Products

2020-05-2816:00:00
tools.cisco.com
25

0.975 High

EPSS

Percentile

100.0%

On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs:

CVE-2020-11651: Authentication Bypass Vulnerability
CVE-2020-11652: Directory Traversal Vulnerability

Cisco Modeling Labs Corporate Edition (CML), Cisco TelePresence IX5000 Series, and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities.

Cisco has released software updates that address these vulnerabilities. There are workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG”]

0.975 High

EPSS

Percentile

100.0%

Related for CISCO-SA-SALT-2VX545AG