Six Cisco internal servers that support its virtual networking service were compromised earlier this month. Cisco failed to patch two SaltStack zero day vulnerabilities, according to a security advisory sent to customers this week. If exploited, these vulnerabilities potentially allowed an attacker to gain full remote code execution within the servers. Cisco gave no details on exactly what, if any, damage was done as a result of the attacks, but said a limited set of customers was impacted. The vulnerabilities in SaltStack were originally uncovered by security firm F-Secure, which describes them as easy to exploit.”]
Source: https://www.cuinfosecurity.com/hackers-breached-6-unpatched-cisco-internal-servers-a-14357