Lucene search
CiscoCISCO-SA-20140926-BASHHistorySep 26, 2014 - 1:00 a.m.
GNU Bash Environment Variable Command Injection Vulnerability
2014-09-2601:00:00
tools.cisco.com
92
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.976 High
EPSS
Percentile
100.0%
On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is invoked. The Bash shell may be invoked by a number of processes including, but not limited to, telnet, SSH, DHCP, and scripts hosted on web servers.
All versions of GNU Bash starting with version 1.14 are affected by this vulnerability and the specific impact is determined by the characteristics of the process using the Bash shell. In the worst case, an unauthenticated remote attacker would be able to execute commands on an affected server. However, in most cases involving Cisco products, authentication is required before exploitation could be attempted.
A number of Cisco products ship with or use an affected version of the Bash shell. The Bash shell is a third-party software component that is part of the GNU software project and used by a number of software vendors. As of this version of the Security Advisory, there have been a number of vulnerabilities recently discovered in the Bash shell, and the investigation is ongoing. For vulnerable products, Cisco has included information on the product versions that will contain the fixed software, and the date these versions are expected to be published on the cisco.com download page [“http://www.cisco.com/cisco/web/support/index.html#~shp_download”]. This advisory will be updated as additional information becomes available. Cisco may release free software updates that address this vulnerability if a product is determined to be affected by this vulnerability. This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash”]
Affected configurations
Node
ciscoapplication_and_content_networking_system_softwareMatchany
ORciscosecure_access_control_systemMatchany
ORciscointrusion_prevention_systemMatchany
ORciscopgw_2200_softswitchMatchany
ORciscoprime_access_registrarMatchany
ORciscoemergency_responderMatchany
ORciscogss_4480_global_site_selectorMatchany
ORciscomds_9000_san-osMatchany
ORcisconac_applianceMatchany
ORciscowide_area_application_servicesMatchany
ORciscounified_contact_center_enterpriseMatchany
ORcisconetflow_collection_engineMatchany
ORciscoip_interoperability_and_collaboration_systemMatchany
ORciscoservice_control_engineMatchany
ORciscounity_connectionMatchany
ORciscotelepresence_managerMatchany
ORcisconx_osMatch4.1
ORcisconx_osMatch5.0
ORcisconx_osMatch4.2
ORcisconx_osMatch5.1
ORcisconx_osMatch5.2
ORcisconx_osMatch6.1
ORcisconx_osMatch4.0(0)N1
ORcisconx_osMatch4.0(1a)N1
ORcisconx_osMatch4.0(1a)N2
ORcisconx_osMatch4.1(2)E1
ORcisconx_osMatch4.1(3)N1
ORcisconx_osMatch4.1(3)N2
ORcisconx_osMatch4.2(1)N1
ORcisconx_osMatch4.2(1)N2
ORcisconx_osMatch4.2(1)SV1
ORcisconx_osMatch4.2(1)SV2
ORcisconx_osMatch5.0(2)N1
ORcisconx_osMatch5.0(2)N2
ORcisconx_osMatch5.0(3)N1
ORcisconx_osMatch5.0(3)N2
ORcisconx_osMatch5.0(3)U1
ORcisconx_osMatch5.0(3)U2
ORcisconx_osMatch5.0(3)U3
ORcisconx_osMatch5.0(3)U4
ORcisconx_osMatch5.0(3)U5
ORcisconx_osMatch5.1(3)N1
ORcisconx_osMatch5.1(3)N2
ORcisconx_osMatch5.2(1)N1
ORcisconx_osMatch5.2(1)SM1
ORcisconx_osMatch6.0
ORcisconx_osMatch6.0(2)N1
ORcisconx_osMatch6.0(2)N2
ORcisconx_osMatch6.0(2)U1
ORcisconx_osMatch6.0(2)U4
ORcisconx_osMatch6.1(2)I2
ORcisconx_osMatch6.2
ORcisconx_osMatch7.0(0)N1
ORcisconx_osMatch7.0(1)N1
ORcisconx_osMatch7.0(2)N1
ORcisconx_osMatch7.0(3)N1
ORciscoace_4700_series_application_control_engine_applianceMatchany
ORciscounified_communications_managerMatchany
ORciscophysical_access_gatewayMatchany
ORciscoios_xeMatch3.2SG
ORciscoios_xeMatch3.7S
ORciscoios_xeMatch3.3SG
ORciscoios_xeMatch3.8S
ORciscoios_xeMatch3.9S
ORciscoios_xeMatch3.2SE
ORciscoios_xeMatch3.3SE
ORciscoios_xeMatch3.3XO
ORciscoios_xeMatch3.4SG
ORciscoios_xeMatch3.5E
ORciscoios_xeMatch3.10S
ORciscoios_xeMatch3.11S
ORciscoios_xeMatch3.12S
ORciscoios_xeMatch3.13S
ORciscovideo_surveillance_media_serverMatchany
ORciscodigital_media_playerMatchany
ORciscodigital_media_managerMatchany
ORcisconetwork_analysis_module_softwareMatchany
ORciscoironport_encryption_applianceMatchany
ORcisconetwork_admission_controlMatchany
ORciscomedia_experience_engine_5600Matchany
ORciscoshow_and_shareMatchany
ORciscoidentity_services_engine_softwareMatchany
ORciscotelepresence_video_communication_serverMatchany
ORciscounified_computing_systemMatchany
ORciscobusiness_edition_3000_softwareMatchany
ORciscotelepresence_recording_serverMatchany
ORciscotelepresence_managerMatchany
ORciscotelepresence_multipoint_switchMatchany
ORciscoasa_cx_context-aware_security_softwareMatchany
ORciscoprime_security_managerMatchany
ORciscoprime_lan_management_solutionMatchany
ORciscoprime_network_control_systemMatchany
ORciscounified_communications_domain_managerMatchany
ORciscoprime_collaborationMatchany
ORciscoprime_infrastructureMatchany
ORciscowebex_node_for_mcsMatchany
ORciscounified_computing_systemMatchany
ORciscounified_computing_system_central_softwareMatchany
ORciscowebex_node_for_asr_1000_seriesMatchany
ORciscotelepresence_system_softwareMatchany
ORciscoenterprise_content_delivery_systemMatchany
ORciscotelepresence_te_softwareMatchany
ORciscovirtualization_experience_client_6000_series_firmwareMatchany
ORciscoasr_5000_series_softwareMatchany
ORciscovideoscape_distribution_suite_service_brokerMatchany
ORciscofinesseMatchany
ORciscosocialminerMatchany
ORciscomediasenseMatchany
ORciscotelepresence_tx9000Matchany
ORciscomedia_experience_engine_5600Matchany
ORciscoucs_directorMatchany
ORciscounified_intelligence_centerMatchany
ORciscouniversal_small_cell_series_firmwareMatchany
ORciscoprime_service_catalogMatchany
ORcisconexus_1000v_switchMatchany
ORcisco300_series_managed_switchesMatchany
ORciscoapplication_and_content_networking_system_softwareMatchany
ORciscosecure_access_control_systemMatchany
ORciscointrusion_prevention_systemMatchany
ORciscopgw_2200Match2200 Softswitch
ORciscoprime_access_registrarMatchany
ORciscoemergency_responderMatchany
ORciscogss_4480_global_site_selectorMatchany
ORciscomds_9000_san-osMatchany
ORcisconac_applianceMatchany
ORciscowide_area_application_servicesMatchany
ORciscounified_contact_center_enterpriseMatchany
ORcisconetflow_collection_engineMatchany
ORciscoip_interoperability_and_collaboration_systemMatchany
ORciscoservice_control_engineMatchany
ORciscounity_connectionMatchany
ORciscotelepresence_managerMatchany
ORcisconx_osMatch4.1(2)
ORcisconx_osMatch4.1(3)
ORcisconx_osMatch4.1(4)
ORcisconx_osMatch4.1(5)
ORcisconx_osMatch5.0(2a)
ORcisconx_osMatch5.0(3)
ORcisconx_osMatch5.0(5)
ORcisconx_osMatch4.2(2a)
ORcisconx_osMatch4.2(3)
ORcisconx_osMatch4.2(4)
ORcisconx_osMatch4.2(6)
ORcisconx_osMatch4.2(8)
ORcisconx_osMatch5.1(1)
ORcisconx_osMatch5.1(1a)
ORcisconx_osMatch5.1(3)
ORcisconx_osMatch5.1(4)
ORcisconx_osMatch5.1(5)
ORcisconx_osMatch5.1(6)
ORcisconx_osMatch5.2(1)
ORcisconx_osMatch5.2(3a)
ORcisconx_osMatch5.2(4)
ORcisconx_osMatch5.2(5)
ORcisconx_osMatch5.2(7)
ORcisconx_osMatch5.2(9)
ORcisconx_osMatch6.1(1)
ORcisconx_osMatch6.1(2)
ORcisconx_osMatch6.1(3)
ORcisconx_osMatch6.1(4)
ORcisconx_osMatch6.1(4a)
ORcisconx_osMatch4.0(0)N1(1a)
ORcisconx_osMatch4.0(0)N1(2)
ORcisconx_osMatch4.0(0)N1(2a)
ORcisconx_osMatch4.0(1a)N1(1)
ORcisconx_osMatch4.0(1a)N1(1a)
ORcisconx_osMatch4.0(1a)N2(1)
ORcisconx_osMatch4.0(1a)N2(1a)
ORcisconx_osMatch4.1(2)E1(1)
ORcisconx_osMatch4.1(2)E1(1b)
ORcisconx_osMatch4.1(2)E1(1d)
ORcisconx_osMatch4.1(2)E1(1e)
ORcisconx_osMatch4.1(2)E1(1f)
ORcisconx_osMatch4.1(2)E1(1g)
ORcisconx_osMatch4.1(2)E1(1h)
ORcisconx_osMatch4.1(2)E1(1i)
ORcisconx_osMatch4.1(2)E1(1j)
ORcisconx_osMatch4.1(3)N1(1)
ORcisconx_osMatch4.1(3)N1(1a)
ORcisconx_osMatch4.1(3)N2(1)
ORcisconx_osMatch4.1(3)N2(1a)
ORcisconx_osMatch4.2(1)N1(1)
ORcisconx_osMatch4.2(1)N2(1)
ORcisconx_osMatch4.2(1)N2(1a)
ORcisconx_osMatch4.2(1)SV1(4)
ORcisconx_osMatch4.2(1)SV1(4a)
ORcisconx_osMatch4.2(1)SV1(4b)
ORcisconx_osMatch4.2(1)SV1(5.1)
ORcisconx_osMatch4.2(1)SV1(5.1a)
ORcisconx_osMatch4.2(1)SV1(5.2)
ORcisconx_osMatch4.2(1)SV1(5.2b)
ORcisconx_osMatch4.2(1)SV2(1.1)
ORcisconx_osMatch4.2(1)SV2(1.1a)
ORcisconx_osMatch4.2(1)SV2(2.1)
ORcisconx_osMatch4.2(1)SV2(2.1a)
ORcisconx_osMatch5.0(2)N1(1)
ORcisconx_osMatch5.0(2)N2(1)
ORcisconx_osMatch5.0(2)N2(1a)
ORcisconx_osMatch5.0(3)N1(1c)
ORcisconx_osMatch5.0(3)N2(1)
ORcisconx_osMatch5.0(3)N2(2)
ORcisconx_osMatch5.0(3)N2(2a)
ORcisconx_osMatch5.0(3)N2(2b)
ORcisconx_osMatch5.0(3)U1(1)
ORcisconx_osMatch5.0(3)U1(1a)
ORcisconx_osMatch5.0(3)U1(1b)
ORcisconx_osMatch5.0(3)U1(1d)
ORcisconx_osMatch5.0(3)U1(2)
ORcisconx_osMatch5.0(3)U1(2a)
ORcisconx_osMatch5.0(3)U2(1)
ORcisconx_osMatch5.0(3)U2(2)
ORcisconx_osMatch5.0(3)U2(2a)
ORcisconx_osMatch5.0(3)U2(2b)
ORcisconx_osMatch5.0(3)U2(2c)
ORcisconx_osMatch5.0(3)U2(2d)
ORcisconx_osMatch5.0(3)U3(1)
ORcisconx_osMatch5.0(3)U3(2)
ORcisconx_osMatch5.0(3)U3(2a)
ORcisconx_osMatch5.0(3)U3(2b)
ORcisconx_osMatch5.0(3)U4(1)
ORcisconx_osMatch5.0(3)U5(1)
ORcisconx_osMatch5.0(3)U5(1a)
ORcisconx_osMatch5.0(3)U5(1b)
ORcisconx_osMatch5.0(3)U5(1c)
ORcisconx_osMatch5.0(3)U5(1d)
ORcisconx_osMatch5.0(3)U5(1e)
ORcisconx_osMatch5.0(3)U5(1f)
ORcisconx_osMatch5.0(3)U5(1g)
ORcisconx_osMatch5.0(3)U5(1h)
ORcisconx_osMatch5.1(3)N1(1)
ORcisconx_osMatch5.1(3)N1(1a)
ORcisconx_osMatch5.1(3)N2(1)
ORcisconx_osMatch5.1(3)N2(1a)
ORcisconx_osMatch5.1(3)N2(1b)
ORcisconx_osMatch5.1(3)N2(1c)
ORcisconx_osMatch5.2(1)N1(1)
ORcisconx_osMatch5.2(1)N1(1a)
ORcisconx_osMatch5.2(1)N1(1b)
ORcisconx_osMatch5.2(1)N1(2)
ORcisconx_osMatch5.2(1)N1(2a)
ORcisconx_osMatch5.2(1)N1(3)
ORcisconx_osMatch5.2(1)N1(4)
ORcisconx_osMatch5.2(1)N1(5)
ORcisconx_osMatch5.2(1)N1(6)
ORcisconx_osMatch5.2(1)N1(7)
ORcisconx_osMatch5.2(1)N1(8a)
ORcisconx_osMatch5.2(1)N1(8)
ORcisconx_osMatch5.2(1)SM1(5.1)
ORcisconx_osMatch6.0(1)
ORcisconx_osMatch6.0(2)
ORcisconx_osMatch6.0(3)
ORcisconx_osMatch6.0(4)
ORcisconx_osMatch6.0(2)N1(1)
ORcisconx_osMatch6.0(2)N1(2)
ORcisconx_osMatch6.0(2)N1(2a)
ORcisconx_osMatch6.0(2)N2(1)
ORcisconx_osMatch6.0(2)N2(1b)
ORcisconx_osMatch6.0(2)N2(2)
ORcisconx_osMatch6.0(2)N2(3)
ORcisconx_osMatch6.0(2)N2(4)
ORcisconx_osMatch6.0(2)N2(5)
ORcisconx_osMatch6.0(2)U1(1)
ORcisconx_osMatch6.0(2)U1(2)
ORcisconx_osMatch6.0(2)U1(1a)
ORcisconx_osMatch6.0(2)U1(3)
ORcisconx_osMatch6.0(2)U4(1)
ORcisconx_osMatch6.1(2)I2(1)
ORcisconx_osMatch6.1(2)I2(2)
ORcisconx_osMatch6.1(2)I2(2a)
ORcisconx_osMatch6.1(2)I2(3)
ORcisconx_osMatch6.1(2)I2(2b)
ORcisconx_osMatch6.2(2)
ORcisconx_osMatch6.2(2a)
ORcisconx_osMatch6.2(6)
ORcisconx_osMatch7.0(0)N1(1)
ORcisconx_osMatch7.0(1)N1(1)
ORcisconx_osMatch7.0(2)N1(1)
ORcisconx_osMatch7.0(3)N1(1)
ORciscoace_4710Match4700 Series Application Control Engine Appliances
ORciscounified_communications_managerMatchany
ORciscophysical_access_gatewayMatchany
ORciscoios_xeMatch3.2.0SG
ORciscoios_xeMatch3.2.1SG
ORciscoios_xeMatch3.2.2SG
ORciscoios_xeMatch3.2.3SG
ORciscoios_xeMatch3.2.4SG
ORciscoios_xeMatch3.2.5SG
ORciscoios_xeMatch3.7.0S
ORciscoios_xeMatch3.7.1S
ORciscoios_xeMatch3.7.2S
ORciscoios_xeMatch3.7.3S
ORciscoios_xeMatch3.7.4S
ORciscoios_xeMatch3.7.5S
ORciscoios_xeMatch3.7.6S
ORciscoios_xeMatch3.3.0SG
ORciscoios_xeMatch3.3.2SG
ORciscoios_xeMatch3.3.1SG
ORciscoios_xeMatch3.8.0S
ORciscoios_xeMatch3.8.1S
ORciscoios_xeMatch3.8.2S
ORciscoios_xeMatch3.9.1S
ORciscoios_xeMatch3.9.0S
ORciscoios_xeMatch3.9.2S
ORciscoios_xeMatch3.2.0SE
ORciscoios_xeMatch3.2.1SE
ORciscoios_xeMatch3.2.2SE
ORciscoios_xeMatch3.2.3SE
ORciscoios_xeMatch3.3.0SE
ORciscoios_xeMatch3.3.1SE
ORciscoios_xeMatch3.3.0XO
ORciscoios_xeMatch3.4.0SG
ORciscoios_xeMatch3.4.2SG
ORciscoios_xeMatch3.4.1SG
ORciscoios_xeMatch3.5.0E
ORciscoios_xeMatch3.10.0S
ORciscoios_xeMatch3.10.1S
ORciscoios_xeMatch3.10.2S
ORciscoios_xeMatch3.10.0aS
ORciscoios_xeMatch3.10.3S
ORciscoios_xeMatch3.10.4S
ORciscoios_xeMatch3.11.1S
ORciscoios_xeMatch3.11.2S
ORciscoios_xeMatch3.11.0S
ORciscoios_xeMatch3.12.0S
ORciscoios_xeMatch3.13.0S
ORciscovideo_surveillance_media_serverMatchany
ORciscodigital_media_playerMatchany
ORciscodigital_media_managerMatchany
ORcisconetwork_analysis_module_softwareMatchany
ORciscoironport_encryption_applianceMatchany
ORcisconetwork_admission_controlMatchany
ORciscocisco_iosMatch5600 Media Experience Engine
ORciscoshow_and_shareMatchany
ORciscoidentity_services_engine_softwareMatchany
ORciscotelepresence_video_communication_serverMatchany
ORciscounified_computing_systemMatchany
ORciscobusiness_edition_3000Match3000 Software
ORciscotelepresence_recording_serverMatchany
ORciscotelepresence_managerMatchany
ORciscotelepresence_multipoint_switchMatchany
ORciscoasa_cx_context-aware_security_softwareMatchany
ORciscoprime_security_managerMatchany
ORciscoprime_lan_management_solutionMatchany
ORciscoprime_network_control_systemMatchany
ORciscounified_communications_domain_managerMatchany
ORciscoprime_collaborationMatchany
ORciscoprime_infrastructureMatchany
ORciscowebex_node_for_mcsMatchany
ORciscounified_computing_systemMatchany
ORciscounified_computing_system_central_softwareMatchany
ORciscowebex_node_for_asr_1000_seriesMatch1000 Series
ORciscotelepresence_system_softwareMatchany
ORciscoenterprise_content_delivery_systemMatchany
ORciscotelepresence_te_softwareMatchany
ORciscovirtualization_experience_client_6000Match6000 Series Firmware
ORciscoasr_1001Match5000 Series Software
ORciscovideoscape_distribution_suite_service_brokerMatchany
ORciscofinesseMatchany
ORciscosocialminerMatchany
ORciscomediasenseMatchany
ORciscotelepresence_tx9000Matchany
ORciscocisco_iosMatch3500 (Media Experience Engine)
ORciscoucs_directorMatchany
ORciscounified_intelligence_centerMatchany
ORciscouniversal_small_cell_series_firmwareMatchany
ORciscoprime_service_catalogMatchany
ORcisconexus_5000Match1000V Switch
ORciscoedge_340Match300 Series
Related
nessus
nessus
f5
f5
K15629 : Multiple GNU Bash vulnerabilities
2015-05-22 00:00:00
SOL15629 - Multiple GNU Bash vulnerabilities
2014-09-25 00:00:00
jvn
jvn
JVN#55667175: QNAP QTS vulnerable to OS command injection
2014-10-28 00:00:00
openvas
openvas
McAfee Email Gateway - Bash Shellshock Code Injection Exploit
2015-01-07 00:00:00
Citrix XenServer Shellshock Security Update (CTX200223)
2014-12-18 00:00:00
seebug
seebug
Bash 4.3 远程命令执行漏洞
(破壳)
2014-09-26 00:00:00
GNU bash 4.3.11 Environment Variable dhclient Exploit
2014-10-10 00:00:00
ibm
ibm
huawei
huawei
Security Advisory-Bash Code Injection Vulnerability
2014-10-24 00:00:00
exploitpack
exploitpack
GNU bash 4.3.11 - Environment Variable dhclient
2014-10-02 00:00:00
dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)
2014-09-29 00:00:00
threatpost
threatpost
Researcher Takes Wraps off Undisclosed Bash Vulnerabilities
2014-10-03 05:00:50
VMware Begins to Patch Bash Issues Across Product Line
2014-10-01 14:43:47
Bash Botnet Exploit Found, Bash Patches Incomplete
2014-09-25 11:41:51
vmware
vmware
VMware product updates address critical Bash security vulnerabilities
2014-09-30 00:00:00
VMware product updates address critical Bash security vulnerabilities
2014-09-30 00:00:00
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
2014-10-05 00:00:00
CA20141001-01: Security Notice for Bash Shellshock Vulnerability
2014-10-13 00:00:00
bash code execution
2014-10-13 00:00:00
kitploit
kitploit
ShellShockHunter - It's A Simple Tool For Test Vulnerability Shellshock
2021-02-10 11:30:00
cve
cve
nvidia
nvidia
zdt
zdt
DNS Reverse Lookup Shellshock Exploit
2014-10-14 00:00:00
packetstorm
packetstorm
DNS Reverse Lookup Shellshock
2014-10-13 00:00:00
GNU Bash 4.3.11 dhclient Shellshocker
2014-10-02 00:00:00
Bash Me Some More
2014-10-01 00:00:00
lenovo
lenovo
GNU Bourne-Again Shell (Bash) 'Shellshock'
2016-11-16 00:00:00
cert
cert
cvelist
cvelist
CVE-2014-6278
2014-09-30 10:00:00
CVE-2014-6277
2014-09-27 22:00:00
ubuntucve
ubuntucve
CVE-2014-6278
2014-09-30 00:00:00
CVE-2014-6277
2014-09-27 00:00:00
suse
suse
bash (important)
2014-09-28 12:05:59
Security update for bash (important)
2014-09-28 19:05:16
bash (critical)
2014-09-29 14:04:19
osv
osv
bash - security update
2014-09-26 00:00:00
redhat
redhat
(RHSA-2014:1865) Important: bash Shift_JIS security update
2014-11-17 00:00:00
(RHSA-2014:1311) Important: bash security update
2014-09-26 00:00:00
(RHSA-2014:1306) Important: bash security update
2014-09-26 00:00:00
nvd
nvd
prion
prion
Design/Logic Flaw
2014-10-13 18:55:00
Design/Logic Flaw
2014-10-03 18:55:00
Design/Logic Flaw
2014-09-30 10:55:00
freebsd
freebsd
rt42 -- vulnerabilities related to shellshock
2014-10-02 00:00:00
bash -- remote code execution
2014-09-27 00:00:00
bash -- remote code execution vulnerability
2014-09-24 00:00:00
debiancve
debiancve
mageia
mageia
Updated bash packages fix multiple security vulnerabilities
2014-10-01 13:34:33
gentoo
gentoo
Bash: Multiple vulnerabilities
2014-10-04 00:00:00
centos
centos
bash security update
2014-09-26 02:16:02
amazon
amazon
Important: bash
2014-09-24 22:26:00
arista
arista
Security Advisory 0006
2014-09-29 00:00:00
oraclelinux
oraclelinux
bash security update
2014-09-26 00:00:00
bash security update
2014-09-25 00:00:00
attackerkb
attackerkb
exploitdb
exploitdb
dhclient 4.1 - Bash Environment Variable Command Injection (Shellshock)
2014-09-29 00:00:00
ubuntu
ubuntu
Bash vulnerabilities
2014-10-09 00:00:00
fortinet
fortinet
Remote Exploit Vulnerability in Bash - (Shellshock)
2014-09-25 00:00:00
thn
thn
Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks
2014-09-26 20:07:00
debian
debian
[SECURITY] [DSA 3035-1] bash security update
2014-09-25 21:18:46
fedora
fedora
[SECURITY] Fedora 20 Update: bash-4.2.48-2.fc20
2014-09-26 09:03:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.976 High
EPSS
Percentile
100.0%
Related for CISCO-SA-20140926-BASH