Cisco Bug: CSCur08462 - BE3K evaluation for CVE-2014-6271 and CVE-2014-7169
Last Modified
Jan 30, 2017
Products (1)
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
9.9(9)ST1.16
Description (partial)
Symptom: The Cisco Business Edition 3000 (BE3k) may include a version of bash that is affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:
- CVE-2014-6271
- CVE-2014-7169
- CVE-2014-7186
- CVE-2014-7187
- CVE-2014-6277
- CVE-2014-6278
This bug has been opened to address the potential impact on this product.

Conditions: Exploitation of the vulnerability is possible only through authenticated SSH (even if we bypass the CLI):

    [admin@BE-3000-ONE ~]$ uname -a
    Linux BE-3000-ONE 2.6.18-194.26.1.el5PAE #1 SMP Fri Oct 29 14:28:58 EDT 2010 i686 i686 i386 GNU/Linux
    [admin@BE-3000-ONE ~]$ wpd
    bash: wpd: command not found
    [admin@BE-3000-ONE ~]$ pwd
    /home/admin
    [admin@BE-3000-ONE ~]$ id
    uid=667(admin) gid=503(administrator) groups=250(cuservice),500(sftpuser),501(platform),502(tomcat),503(administrator),506(ccmbase),509(ccmsyslog),572(download) context=admin_u:sysadm_r:sysadm_t:SystemLow-SystemHigh