Preview Tool

Cisco Bug: CSCvu33581 - Cisco Modeling Labs Corporate Edition and Cisco VIRL SaltStack FrameWork Vulnerabilities

Last Modified

Jun 13, 2020

Products (1)

Known Affected Releases


Description (partial)

On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs:
 * CVE-2020-11651: Authentication Bypass Vulnerability
 * CVE-2020-11652: Directory Traversal Vulnerability

Cisco Modeling Labs Corporate Edition (CML) and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that is affected by these vulnerabilities.

Cisco has released software updates that address these vulnerabilities. There is a workaround that addresses these vulnerabilities.

This advisory is available at the following link:

Please refer to the Security Advisory.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.