Guest

Preview Tool

Cisco Bug: CSCur03368 - IOS-XE for Nova devices: GNU Bourne Shell "Shellshock" Vulnerability

Last Modified

Jul 03, 2020

Products (150)

  • Cisco IOS
  • Cisco Catalyst 2960X-48LPS-L Switch
  • Cisco Catalyst 2960X-24PD-L Switch
  • Cisco Catalyst 3560X-48P-S Switch
  • Cisco Embedded Service 2020 24TC NCP B Switch
  • Cisco Catalyst 2960S-F48FPS-L Switch
  • Cisco Catalyst 3560CG-8TC-S Compact Switch
  • Cisco Catalyst 3560X-48U-S Switch
  • Cisco Catalyst 2960C-8TC-S Switch
  • Cisco Catalyst 3560X-48T-E Switch
View all products in Bug Search Tool Login Required

Known Affected Releases

15.0(1)EX3 15.0(1)EZ3 15.0(1)XO1 15.0(2)SG 15.0(2)SG9 15.0(2)SQC 15.0(2)XO 15.1(1)SG 15.1(1)XO1 15.1(2)SG 15.1(2)SG4 15.2(1)E 15.2(2)E

Description (partial)

Symptom:
Cisco IOS -XE for Catalyst 3k, 4k, AIR-CT5760, and Cisco RF Gateway 10 (RFGW-10) includes a version of Bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271 
CVE-2014-6277
CVE-2014-6278
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187

Cisco has analyzed this vulnerability and concluded that while the previously listed products may run a vulnerable version of Bash, there are no exploitation vectors present - therefore, those products are not impacted.

Conditions:
Not available

Related Community Discussions

<key>CSCur03368</key> - IOS-XE for Nova devices GNU Bourne Shell &quot;Shellshock&quot; Vulnerability - 1
I see the 5760 controller is listed and only code versions of 15.x are in the affected and fixed columns.   The 5760 is only running 3.x IOS-XE code.  Is there still an issue?
Latest activity: Oct 30, 2014
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.