Guest

Preview Tool

Cisco Bug: CSCur04541 - Bash Code Injection Vulnerability (CVE-2014-6271/CVE-2014-7169)

Last Modified

Dec 19, 2017

Products (6)

  • Cisco TelePresence Server
  • Cisco TelePresence Server on Multiparty Media 310
  • Cisco TelePresence Server on Virtual Machine
  • Cisco TelePresence Server 7010
  • Cisco TelePresence Server on Multiparty Media 320
  • Cisco TelePresence Server MSE 8710

Known Affected Releases

4.0(1.57) 4.0(2.8) 4.0Maintenance1 4.1Release

Description (partial)

Symptom:
The following Cisco products:

Cisco TelePresence Server 8710/7010
Cisco TelePresence Server on Media 310/320

include a version of Bash that may be affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271 
CVE-2014-6277
CVE-2014-6278
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187

Cisco has analyzed this vulnerability and concluded that the previously listed products are not impacted.

----------------------------
The following Cisco products:

Cisco TelePresence Server on Virtual Machine

include a version of Bash that may be affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271 
CVE-2014-6277
CVE-2014-6278
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187

Cisco has analyzed this vulnerability and concluded that the previously listed products are not impacted. Whilst the listed products currently contain a copy of the Bash binary, this is not used by any network facing service.

This defect is now in use to track the removal of this package in any future release of the product, but there is no need for a maintenance release specifically for this.

Conditions:
Not applicable
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.