Cisco Bug: CSCur04925 - Cisco OnePK All-in-One VM evaluation for CVE-2014-6271 and CVE-2014-7169
Dec 19, 2019
- Cisco Support Tools
Known Affected Releases
Symptom: The following Cisco products Cisco onePK All-in-One VM include a version of Bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 This bug has been opened to address the potential impact on this product. Conditions: Exposure is not configuration dependent. By default, a vulnerable version (4.2-2ubuntu2) of GNU Bourne Again SHell (bash) is installed. Access vectors exist, such as the pre-installed DHCP client, and others may be installed by the user. Authentication is NOT required to exploit this vulnerability.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases