Cisco Bug: CSCur05679 - Cisco VDS Service Broker/evaluation for CVE-2014-6271 and CVE-2014-7169
Jun 24, 2020
- Cisco Videoscape Distribution Suite Service Broker
Known Affected Releases
Symptom: Cisco VDS Service Broker includes a version of Bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 This bug has been opened to address the potential impact on this product. Conditions: For the following components: SSH (server): Exposure is not configuration dependent. Authentication is required for the vulnerability to get exploited. Telnet (server): When it is enabled, e.g. by running CLI config "(config)#telnet enable", but it is disabled with default configuration. Authentication is required for the vulnerability to get exploited. DHCP (client): When it is enabled, e.g. by running CLI config "(config)#interface TenGigabitEthernet 2/0 ip address dhcp", but it is not configured with default configuration. Authentication is not required for the vulnerability to get exploited. All VDS Service Broker versions are affected.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases