Cisco Bug: CSCur01099 - Evaluation of CVE-2014-6271 and CVE-2014-7169 for MDS platform
Sep 17, 2019
- Cisco MDS 9000 Series Multilayer Switches
Known Affected Releases
4.1(1) 4.2(1) 5.0(1) 5.2(1) 6.2(1)
Symptom: The following Cisco products: MDS 9710 Switch MDS 9706 Switch MDS 9250i Switch MDS 9148S Switch MDS 9513 Switch MDS 9509 Switch MDS 9506 Switch MDS 9222i Switch MDS 9216i Switch MDS 9216A Switch MDS 9216 Switch MDS 9148 Switch MDS 9140 Switch MDS 9134 Switch MDS 9124 Switch MDS 9120 Switch MDS 8 Gbps Fabric Switch for HP c-Class Blade System MDS 4 Gbps Fabric Switch for HP c-Class BladeSystem MDS 4 Gbps Fabric Switch for IBM BladeCenter include a version of bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 This bug has been opened to address the potential impact on this product. Conditions: Exposure is dependent on the following features being enabled in the configuration. feature telnet Enabled by default in releases earlier than NX-OS 5.0(1). This vector may only be exploited by authenticated users. feature ssh-server Not enabled by default. This vector may only be exploited by authenticated users.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases