Preview Tool

Cisco Bug: CSCur07312 - Cisco ACE (ACE10 and ACE20) CVE-2014-6271 and CVE-2014-7169

Last Modified

Sep 10, 2019

Products (1)

  • Cisco ACE Application Control Engine Module

Known Affected Releases

3.0(0)A2(3.6d) 7.2(0.1)PR(0.1)

Description (partial)

The ACE ACE10, ACE20 and 4710 running software prior to A4.x  include a version of bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:


This bug has been opened to address the potential impact on this product.

ACE10, ACE30 modules and ACE4710 appliance running code prior to A4.x  have been tested and each found to have vulnerability to one attack vector. 

Understand that attack works only by the vector of accessing the management interface on the ACE via ssh using a pre-existing valid login credential (with any level of access rights). Testing via VIP thru ssh/HTTP/HTTPs load balancing shows no vulnerability and since ACE does not execute any CGI scripting via VIP that vector also is not vulnerable.

Exposure is not configuration dependant.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.