Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE Bash Code Injection - Case Terminated

https://tools.cisco.com/bugsearch/bug/CSCur02931

 

It looks like the case has been closed with no suggested software upgrade path?

 

Are later versions, e.g. A5(3.1a) vulnerable?

1 REPLY
New Member

Gyroll666, I was concerned

Gyroll666,

 

I was concerned about this also. Based on the Cisco report (above "Conditions" on the bug page, it looks as though you have to have an existing account and have access to the device via ssh to do any harm. As long as you have your access accounts managed properly you should be fine. That said, ensure the accounts manager (ACS) does not have ssh enabled.

 

292
Views
0
Helpful
1
Replies
CreatePlease login to create content