Guest

Preview Tool

Cisco Bug: CSCur05081 - Product evaluation for CVE-2014-6271 and CVE-2014-7169

Last Modified

Jan 29, 2017

Products (1)

  • Cisco Unified Computing System

Known Affected Releases

2.2(2c)A 3.0(1.36)B 4.0(200.2)

Description (partial)

Symptom:
All B-series servers include a version of Bash that may be affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271 
CVE-2014-6277
CVE-2014-6278
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187


Cisco has analyzed this vulnerability and concluded that while the previously listed products may run a vulnerable version of Bash, there are no exploitation vectors present for CIMC firmware versions 2.0.2 and later. For CIMC firmware versions 2.0.1 and earlier,  exploitation vectors exists.

Conditions:
For CIMC firmware versions 2.0.2 and later, exploitation vectors do not exist and therefore, there are no conditions.

For CIMC firmware versions 2.0.1 and earlier, the user must connect to CIMC's Serial-over-LAN (SOL) functionality by using an SSH client.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.