Guest

Preview Tool

Cisco Bug: CSCuq98748 - Nexus 7000 evaluation for CVE-2014-6271 and CVE-2014-7169

Last Modified

May 23, 2018

Products (8)

  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 7000 10-Slot Switch
  • Cisco Nexus 7000 4-Slot Switch
  • Cisco Nexus 7700 6-Slot Switch
  • Cisco Nexus 7700 18-Slot Switch
  • Cisco Nexus 7000 18-Slot Switch
  • Cisco Nexus 7700 10-Slot Switch
  • Cisco Nexus 7000 9-Slot Switch

Known Affected Releases

4.2(8) 5.2(9) 5.2(9a)S3 6.1(5) 6.2(12)FF(0.4) 6.2(6) 6.2(8a) 7.0(2) 7.1(0)ZN(91.98) 7.1(0)ZN(91.99)

Description (partial)



Symptom:

The Nexus 7000 includes a version of bash that is affected by the vulnerabilities
identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271
CVE-2014-6277
CVE-2014-7169
CVE-2014-6278
CVE-2014-7186
CVE-2014-7187

This bug has been opened to address the potential impact on this product.

All current versions of NX-OS on this platform are affected unless otherwise stated
.
Exposure is not configuration dependent.
Authentication is required to exploit this vulnerability.

This bug is fixed in NX-OS versions specified below:

5.2(9a)
6.1(5a)
6.2(8b)
6.2(10) and above




Conditions:

A user must first successfully log in and authenticate via SSH to trigger this vulnerability.

Related Community Discussions

<key>CSCuq98748</key>- Bash Vulnerability
  All current versions of NX-OS on this platform are affected unless otherwise stated. unless otherwise stated .. so you mean only the following 9 Releases are affected? 4.2(8) 5.2(9) 5.2(9a)S3 6.1(5) 6.2(6) 6.2(8a) 7.0(2) 7.1(0)ZN(91.98) 7.1(0)ZN(91.99)  
Latest activity: Oct 15, 2014
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.