Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

SA520W shellshock?

I saw this notice about ISA500 series being vulnerable.

https://tools.cisco.com/bugsearch/bug/CSCur05513 

 

Here is a list of open source software used in the ISA series

http://www.cisco.com/c/dam/en/us/td/docs/security/small_business_security/isa500/release/1-1-13/ISA570_OSD_1-1-X.pdf 

 

I don't understand where is vulnerability is, BusyBox uses Ash not Bash. Where is bash on the ISA?

The reason i ask is because i have an SA520W, which i think is quite similar, but not directly mention in the announcement.

Here is a list of SA520 open source software 

http://www.cisco.com/c/dam/en/us/td/docs/security/multi_function_security/multi_function_security_appliance/sa_500/release/SA500_OSD_2_2_0_x.pdf

 

Everyone's tags (1)
1 REPLY
Cisco Employee

Hi,For up-to-date information

Hi,

For up-to-date information on products affected by 'Shellshock', please see the official Security Advisory at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Please note the ISA500 is listed under 'Products Confirmed Not Vulnerable'.  Other products are still being investigated.

Thanks,

Brandon

158
Views
5
Helpful
1
Replies
CreatePlease to create content