10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
Added: 03/24/2016
CVE: CVE-2014-6278
BID: 70166
GNU Bash (Bourne Again SHell) is a command shell commonly used on Linux and Unix systems.
Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure.
The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a remote attacker to cause arbitrary commands to execute when Cisco UCS Manager handles specially crafted HTTPS requests.
Upgrade to Cisco UCS Manager 3.0(1d), 2.2(3b), 2.2(2e), 2.2(1f), 2.1(3f), or 2.0(5g).
<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash>
Exploit works on Cisco UCS Manager 2.1(1b).