Thanks Bedevere for looking into this for me. I know you can get to bash shell after enabling "system internal" on the ASR platform. To do this however you need to be authenticated first. Anyone have any idea if this exploit can be leveraged without being authenticarted to the router?
I'm not aware of any fix yet. However, accessing the linux shell on ASR requires authentication and as long as that is secured, you should be fine. Cisco would probably have to modify their code to upgrade the bash program to the latest one that is not impacted by this bug.
What do you do if you think you're running into a bug? Cisco makes it
possible for you to report bugs yourself. Learn how, and find out how
your contributions help us improve our software.Cisco publishes its
bugs. Before opening a TAC Support Case, use Bu...
Cisco Licensing is pleased to announce the new Licensing Portal. It
provides customers with an enhanced self-service experience by
stream-lining and automating many licensing activities. Please take a
moment to familiarize yourself with the features that ...