Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Shellshock exploit targeting email gateways (ESAs)

Could you please review the attack vector described in the below article:


An active botnet is targeting email gateways by adding scripts in email fields like to, from, body etc.

A vulnerable gateway will execute these scripts and download malware and make the gateway part of another botnet.


Can you please let us know if our ESAs are good enough on these attacks?

Cisco Employee

Cisco has issued an official

Cisco has issued an official PSIRT notice for the GNU Bash Environmental Variable Command Injection Vulnerability (CVE-2014-6271), please refer all inquiries to:

Please refer to the expanded "Affected Products" for details on our products.


Products Confirmed Not Vulnerable

The following Cisco products have been analyzed and are not affected by this vulnerability: 

  • Cisco IOS
  • Cisco IronPort ESA/SMA
  • Cisco Private Internet eXchange (PIX)
  • Cisco Sourcefire Defense Center and Sensor products


Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on at: 

This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at:

CreatePlease to create content