Guest

Preview Tool

Cisco Bug: CSCur04588 - Bash Code Injection Vulnerability (CVE-2014-6271/CVE-2014-7169)

Last Modified

Jan 30, 2016

Products (3)

  • Cisco TelePresence Serial Gateway Series
  • Cisco TelePresence Serial GW MSE 8330
  • Cisco TelePresence Serial GW 3340

Known Affected Releases

1.0(1.38)

Description (partial)

Symptom:
The following Cisco products:

Cisco TelePresence Serial GW 3340
Cisco TelePresence Serial GW MSE 8330

include a version of Bash that may be affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271 
CVE-2014-6277
CVE-2014-6278
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187

Cisco has analyzed this vulnerability and concluded that the previously listed products are not impacted. Whilst the listed products currently contain a copy of the Bash binary, this is not used by the operating system or any network facing service.

This defect is now in use to track the removal of this package in any future release of the product, but there is no need for a maintenance release specifically for this.

Conditions:
Not applicable
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.