Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

GNU bashbug CSCur02981

I see that relase 7.4(121.0) is affected by the new bashbug. Is it safe to say that previous versions of 7.4 also is affected. GNU bash 1.14 has been out for a few years.

 

Regards,

Philip

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Cisco Security Advisory has

Cisco Security Advisory has just been updated and WLC LAN controller has just been updated as product confirmed not vulnerable.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Products Confirmed Not Vulnerable

The following Cisco products have been analyzed and are not affected by this vulnerability: 
  • Cisco Adaptive Security Appliance (ASA)
  • Cisco IOS
  • Cisco IOS-XR running on
    • Cisco ASR 9000 Series Aggregation Services Routers
    • Cisco CRS Router
    • Cisco XR 12000 Series Router
  • Cisco IronPort ESA/SMA
  • Cisco Private Internet eXchange (PIX)
  • Cisco Sourcefire Defense Center and Sensor products
  • Cisco Wireless LAN Controller (WLC)
6 REPLIES
New Member

How do understand the

How do you understand the "Devices with default configuration" condition? To me, that suggests, out of the box, what is it referring to? Any ideas? Thanks.

New Member

Hi, https://tools.cisco.com

Hi,

 

https://tools.cisco.com/bugsearch/bug/CSCur02981

 

Bug states

"This code is not exploitable, and not exposed on currently shipping versions."

But which versions are affected is still not mentioned.

 

Regards,

Kamal

New Member

Known Affected Releases:    

Known Affected Releases:    
(3)
7.4(121.0)
7.6(130.0)
8.0(100.0)


This should tell you that WLC code (AireOS) incorporates bash and thus all versions are vulnerable to Shellshock. However, it does not appear to be currently exploitable.

 

New Member

Hi,As mentioned by wifi yogi

Hi,

As mentioned by wifi yogi only 7.4,7.6 and 8.0 are affected however you should not be worried.

Because as per vulnerability you should should be able to do have SSH access(Bash)  device however in WLC only CLI access is available thus it can not  be exploited.

So you should NOT  be worried and when a patched code is available you can transfer over to that code.

Regards,

Kamal

New Member

Cisco Security Advisory has

Cisco Security Advisory has just been updated and WLC LAN controller has just been updated as product confirmed not vulnerable.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Products Confirmed Not Vulnerable

The following Cisco products have been analyzed and are not affected by this vulnerability: 
  • Cisco Adaptive Security Appliance (ASA)
  • Cisco IOS
  • Cisco IOS-XR running on
    • Cisco ASR 9000 Series Aggregation Services Routers
    • Cisco CRS Router
    • Cisco XR 12000 Series Router
  • Cisco IronPort ESA/SMA
  • Cisco Private Internet eXchange (PIX)
  • Cisco Sourcefire Defense Center and Sensor products
  • Cisco Wireless LAN Controller (WLC)

Thank you for the update.

Thank you for the update.

363
Views
15
Helpful
6
Replies