Cisco Support Community
New Member

[CVE-2014-6271] IronPort appliances affected by recent bash vulnerability?

http://threatpost.com/major-bash-vulnerability-affects-linux-unix-mac-os-x

 

Discussion?

7 REPLIES
Cisco Employee

No - ESA and SMA do not have BASH running on the OS - so, they are not included.

Complete info:

http://tools.cisco.com/security/center/viewAlert.x?alertId=35816

New Member

Hello Robert

 

Where do we stand with the IronPort Encryption Appliances? Your input would be appreciated.

 

Regards

Cisco Employee

For the IEA - checking on status, we have an open query with our PSIRT team - who handles the vulnerability assessments.  Looking at one appliance in lab - I see it running the following:

# bash --help

GNU bash, version 3.1.17(1)-release-(i686-redhat-linux-gnu)

I'll have to provide an update regarding the IEA once I have further info.

-Robert

New Member

Hi Robert

Thank you very much for the quick response. It is appreciated.

I will stand by for an update on the matter.

Regards

 

Harry

Cisco Employee

Cisco has issued an official PSIRT notice for the GNU Bash Environmental Variable Command Injection Vulnerability (CVE-2014-6271). Please refer all inquiries to:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Please refer to the expanded "Affected Products".

The following Cisco products are currently under investigation:

Cable Modems

  • Cisco CWMS

Network Application, Service, and Acceleration

  • Cisco ACE GSS 4400 Series Global Site Selector
  • Cisco ASA
  • Cisco GSS 4492R Global Site Selector

Network and Content Security Devices

  • Cisco IronPort Encryption Appliance
  • Cisco IronPort WSA

Routing and Switching - Enterprise and Service Provider

  • Cisco ACE Application Control Engine Module for the Cisco Catalyst 6500
  • Cisco ISM
  • Cisco NCS6000

Voice and Unified Communications Devices

  • Cisco Finesse
  • Cisco MediaSense
  • Cisco SocialMiner
  • Cisco Unified Contact Center Express (UCCX)

Products and services listed in the subsections below have had their exposure to this vulnerability confirmed. Additional products will be added to these sections as the investigation continues.

Cisco Employee

IEA patch and information will be available once approved from PSIRT.  Once it is completed, you will see this added to the +Affected Products, +Vulnerable Products, and the CSC public defect note will be added, allowing you to see the fix steps via the bugsearch tool.

We appreciate the patience and understanding in this matter involving the IEA!

-Robert

New Member

Good morning Robert

Thank you for the update, it is appreciated.

Regards

Harry
