Cisco Bug: CSCur05081 - Product evaluation for CVE-2014-6271 and CVE-2014-7169
Nov 27, 2018
- Cisco Unified Computing System
Known Affected Releases
2.2(2c)A 3.0(1.36)B 4.0(200.2)
Symptom: All B-series servers include a version of Bash that may be affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs: CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 Cisco has analyzed this vulnerability and concluded that while the previously listed products may run a vulnerable version of Bash, there are no exploitation vectors present for CIMC firmware versions 2.0.2 and later. For CIMC firmware versions 2.0.1 and earlier, exploitation vectors exists. Conditions: For CIMC firmware versions 2.0.2 and later, exploitation vectors do not exist and therefore, there are no conditions. For CIMC firmware versions 2.0.1 and earlier, the user must connect to CIMC's Serial-over-LAN (SOL) functionality by using an SSH client.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases