
[CVE-2014-6271] IronPort appliances affected by recent bash vulnerability?

Jason Meyer
Level 1

http://threatpost.com/major-bash-vulnerability-affects-linux-unix-mac-os-x

 

Discussion?


Robert Sherwin
Cisco Employee

No - ESA and SMA do not have BASH running on the OS - so, they are not included.

Complete info:

http://tools.cisco.com/security/center/viewAlert.x?alertId=35816

Hello Robert

 

Where do we stand with the IronPort Encryption Appliances? Your input would be appreciated.

 

Regards

For the IEA - checking on status, we have an open query with our PSIRT team - who handle the vulnerability assessments. Looking at one appliance in lab - I see it running the following:

# bash --help

GNU bash, version 3.1.17(1)-release-(i686-redhat-linux-gnu)

I'll have to provide an update regarding the IEA once I have further info.

-Robert

Hi Robert

Thank you very much for the quick response. It is appreciated.

I will stand by for an update on the matter.

Regards

 

Harry

Cisco has issued an official PSIRT notice for the GNU Bash Environmental Variable Command Injection Vulnerability (CVE-2014-6271); please refer all inquiries to:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Please refer to the expanded "Affected Products".

The following Cisco products are currently under investigation:

Cable Modems

  • Cisco CWMS

Network Application, Service, and Acceleration

  • Cisco ACE GSS 4400 Series Global Site Selector
  • Cisco ASA
  • Cisco GSS 4492R Global Site Selector

Network and Content Security Devices

  • Cisco IronPort Encryption Appliance
  • Cisco Ironport WSA

Routing and Switching - Enterprise and Service Provider

  • Cisco ACE Application Control Engine Module for the Cisco Catalyst 6500
  • Cisco ISM
  • Cisco NCS6000

Voice and Unified Communications Devices

  • Cisco Finesse
  • Cisco MediaSense
  • Cisco SocialMiner
  • Cisco Unified Contact Center Express (UCCX)

Products and services listed in the subsections below have had their exposure to this vulnerability confirmed. Additional products will be added to these sections as the investigation continues.

IEA patch and information will be available once approved by PSIRT. Once it is completed, you will see this added to the +Affected Products, +Vulnerable Products, and the CSC public defect note will be added, allowing you to see the fix steps via the bugsearch tool.

We appreciate the patience and understanding in this matter involving the IEA!

-Robert

Good morning Robert

Thank you for the update, it is appreciated.

Regards

Harry