Cisco Bug: CSCur01099 - Evaluation of CVE-2014-6271 and CVE-2014-7169 for MDS platform

Last Modified

Sep 17, 2019

Products (1)

Cisco MDS 9000 Series Multilayer Switches

Known Affected Releases

4.1(1) 4.2(1) 5.0(1) 5.2(1) 6.2(1)

Description (partial)

Symptom:
The following Cisco products:

  MDS 9710 Switch
  MDS 9706 Switch
  MDS 9250i Switch
  MDS 9148S Switch
  MDS 9513 Switch
  MDS 9509 Switch
  MDS 9506 Switch
  MDS 9222i Switch
  MDS 9216i Switch
  MDS 9216A Switch
  MDS 9216 Switch
  MDS 9148 Switch
  MDS 9140 Switch
  MDS 9134 Switch
  MDS 9124 Switch
  MDS 9120 Switch
  MDS 8 Gbps Fabric Switch for HP c-Class Blade System
  MDS 4 Gbps Fabric Switch for HP c-Class BladeSystem
  MDS 4 Gbps Fabric Switch for IBM BladeCenter

include a version of bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

  CVE-2014-6271
  CVE-2014-6277
  CVE-2014-6278
  CVE-2014-7169
  CVE-2014-7186
  CVE-2014-7187

This bug has been opened to address the potential impact on this product.

Conditions:
Exposure is dependent on the following features being enabled in the configuration.

feature telnet
  Enabled by default in releases earlier than NX-OS 5.0(1).
  This vector may only be exploited by authenticated users.

feature ssh-server
  Not enabled by default.
  This vector may only be exploited by authenticated users.

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts