New Member

VCS: Multiple bash shell vulnerabilities CSCur01461

Hi All,

 

We have VCS X8.2.1 installed in our environment and this version is not listed in affected or fixed releases.

Can somebody confirm if VCS X8.2.1 version is affected or not? 

 

Many Thanks for your help

 

Ondrej

3 REPLIES
New Member

Yes, VCS is affected. There are fixes out for version 7 and 8.

See also the bug CSCur01461.

https://tools.cisco.com/bugsearch/bug/CSCur01461

Regards, Paul
Cisco Employee

Yes it is, but authentication is required to exploit this vulnerability.  See below.

https://tools.cisco.com/bugsearch/bug/CSCur01461

Conditions:
The API over HTTP(S) or/and SSH but authentication is required to exploit this vulnerability.

Workaround:
Configure firewall rules on VCS/Expressway (using feature on VCS/Expressway) to deny HTTP(S) and SSH access from unknown IP address (or/and address range)
If VCS/Expressway is behind the firewall, manage SSH/HTTP(S) traffic to VCS/Expressway products.
 

VIP Green

Yes, X8.2.1 is affected. The fixed version is X8.2.2. This has been discussed in the TelePresence section of the forums, where the VCSes and other TelePresence-related infrastructure and endpoints are more actively discussed.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.
