Cisco information about the hacking of 7 servers that provide the operation of the network modeling system (Virtual Internet Routing Lab Personal Edition), which allows you to design and test network topologies based on Cisco communication solutions without real equipment. The hack was discovered on May 7th. Control over servers is obtained through the exploitation of a critical vulnerability in the SaltStack centralized configuration management system, which was previously for hacking LineageOS, Vates (Xen Orchestra), Algolia, Ghost and DigiCert infrastructures. The vulnerability also manifested itself in third-party installations of Cisco CML (Cisco Modeling Labs Corporate Edition) and Cisco VIRL-PE 1.5 and 1.6 products, if salt-master was enabled by the user.
Recall that on April 29 in Salt were eliminated , allowing you to remotely execute code on the control host (salt-master) and all servers managed through it without passing authentication.
For an attack, the availability of network ports 4505 and 4506 for external requests is sufficient.
Source: opennet.ru