Guest

Preview Tool

Cisco Bug: CSCur05199 - Remote code execution in Bash 3.2 CVE-2014-6271

Last Modified

Apr 16, 2018

Products (39)

  • Cisco Firepower Management Center
  • Sourcefire Defense Center 1000 Chassis
  • Cisco FirePOWER Appliance 8260
  • Cisco FirePOWER Appliance 8360
  • Sourcefire 3D6500 Sensor
  • Cisco FirePOWER Appliance 8120
  • Cisco AMP 8150
  • Cisco FirePOWER Appliance 8130
  • Cisco FirePOWER Appliance 8140
  • Cisco FirePOWER Appliance 8350
View all products in Bug Search Tool Login Required

Known Affected Releases

4.10.3 5.2.0 5.3.0 5.3.1 5.4.0 5.4.0.1 6.0.0

Description (partial)

Symptom:
The following Cisco products

all FirePower and FireSight products

include a version of Bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271 
CVE-2014-6277
CVE-2014-6278
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187

This bug has been opened to address the potential impact on this product

Conditions:
All systems are affected if configured to use DHCP for network addresses.  Aithentication is NOT required to exploit this vulnerability for systems configured to use DHCP.

3D8xxx, 3D7xxx, virtual sensors, and FirePower Services on ASA that have been configured to "Disable expert mode" for CLI users through the system policy are effected.  Authentication is required to exploit this vulnerability for CLI users.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.