GNU Bash Environment Variable Command Injection Vulnerability

April 2, 2015 - Translated version (human translation)

Advisory ID: cisco-sa-20140926-bash

http://www.cisco.com/cisco/web/support/JP/112/1126/1126247_cisco-sa-20140926-bash-j.html

The Japanese-language information is an unofficial translation of the English original. Where the two differ, the English original takes precedence.

Revision 1.29

Last Updated 2015 April 1 21:14 UTC (GMT)

For Public Release 2014 September 26 01:00 UTC (GMT)


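Summary

On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way environment variables passed to the shell are processed, and depending on how the shell is invoked, an attacker may be able to inject commands into the Bash shell. The Bash shell can be invoked in many ways, including, but not limited to, Telnet, SSH, DHCP, and scripts hosted on web servers.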

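All versions of GNU Bash from version 1.14 onward are affected by this vulnerability. The specific impact depends on the characteristics of the process that uses the Bash shell. In the worst case, an unauthenticated remote attacker could execute commands on an affected server. However, in most cases, including Cisco products, authentication is required before an exploit attempt can be made.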
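Because the flaw lies in how Bash processes environment variables it receives, one defence-in-depth measure for services that launch shell scripts is to keep request-derived data out of the child's environment. The following is an added example, not part of the Cisco advisory; the policy tables, function names, and sample request are hypothetical.

```python
import re
import subprocess

# Assumed policy (hypothetical): the only request-derived variables a helper
# script needs, each with a conservative pattern that its value must match.
ALLOWED_ENV = {
    "REQUEST_METHOD": re.compile(r"(GET|HEAD|POST)"),
    "CONTENT_LENGTH": re.compile(r"[0-9]{1,10}"),
    "REMOTE_ADDR": re.compile(r"[0-9A-Fa-f:.]{2,45}"),
    "SERVER_PORT": re.compile(r"[0-9]{1,5}"),
}

# Fixed values chosen by the operator, never derived from the request.
BASE_ENV = {"PATH": "/usr/bin:/bin", "LANG": "C"}

# Constructed sample of request metadata as a gateway might receive it.
SAMPLE_REQUEST = {
    "REQUEST_METHOD": "GET",
    "REMOTE_ADDR": "192.0.2.10",
    "CONTENT_LENGTH": "12; extra",  # fails the digits-only pattern
    "HTTP_USER_AGENT": "ExampleBrowser/1.0 (constructed sample)",
    "HTTP_COOKIE": "session=abc",
}


def build_child_env(untrusted):
    """Return (env, rejected).

    env holds BASE_ENV plus every allowlisted variable whose value fully
    matches its pattern. rejected lists the names that were dropped, so the
    caller can log them for later review.
    """
    env = dict(BASE_ENV)
    rejected = []
    for name, value in untrusted.items():
        pattern = ALLOWED_ENV.get(name)
        if (
            pattern is None
            or not isinstance(value, str)
            or not pattern.fullmatch(value)
        ):
            rejected.append(name)
            continue
        env[name] = value
    return env, sorted(rejected)


def run_helper(argv, untrusted):
    """Run a helper program with only the scrubbed environment.

    Passing env= replaces the inherited environment entirely, and using an
    argument list (no shell=True) avoids starting an additional shell.
    """
    env, rejected = build_child_env(untrusted)
    proc = subprocess.run(
        argv, env=env, capture_output=True, text=True, timeout=10, check=False
    )
    return proc.returncode, proc.stdout, rejected
```

Header-derived variables such as `HTTP_USER_AGENT` are never exported here because they are not on the allowlist, and an allowlisted name is still dropped when its value does not match its pattern.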

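Many Cisco products include or use an affected version of the Bash shell. The Bash shell is a third-party software component that is part of the GNU software project and is used by many software vendors. At the time this version of the security advisory was published, a number of recently discovered Bash shell vulnerabilities apply and are under investigation. For products affected by the vulnerability, the cisco.com download page will list the product versions that contain the fix and the expected availability date of those versions. This advisory will be updated as additional information becomes available. If Cisco determines that a product is affected by this vulnerability, Cisco may release free software updates that address it. This advisory is available at the following link: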
http://www.cisco.com/cisco/web/support/JP/112/1126/1126247_cisco-sa-20140926-bash-j.html

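Affected Products

Cisco is currently investigating its product line to determine which products may be affected and the extent of the impact of this vulnerability on Cisco products. Affected Cisco products will be added as the investigation progresses.

The following Cisco products are currently under investigation:

No Cisco products are currently under investigation.

Vulnerable Products

To track the progress of the bugs listed below, see the Cisco Bug Search Tool for details. You can also select Save Bug and use the Email Notification feature to be notified automatically when a bug is updated.

The products and services listed in this subsection have been confirmed to be affected by this vulnerability. Additional products will be added as the investigation continues.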

Product Defect Fixed releases availability
Network Application, Service, and Acceleration
Cisco ACE Application Control Engine Module for the Cisco Catalyst 6500 CSCur02931 Contact TAC for upgrade options.
Cisco Application Control Engine (ACE10 and ACE20) CSCur07312 Contact TAC for upgrade options.
Cisco Application Control Engine (ACE30/ ACE 4710) CSCur02195 (A patch is available for vulnerable releases.)
A5(3.1b) (30-Nov-14)
Cisco Application and Content Networking System (ACNS) CSCur05564 5.5.37 (5-Dec-14)
Cisco DC Health Check CSCur09963 DCAF 4.0 (Available)
Cisco GSS 4492R Global Site Selector CSCur02747 4.1(3.0.7) (Available)
3.2(0.1.4) (Available)
Cisco NAC Appliance CSCur03364 A patch file is available for vulnerable releases.
Cisco Smart Call Home CSCur05551 A patch file is available for vulnerable releases.
Cisco Sourcefire Defense Center and Sensor Product None 4.10 (Available)
5.2 (Available)
5.3 (Available)
Cisco Visual Quality Experience Server CSCur06775 3.6 (Available)
3.7 (Available)
3.8 (Available)
3.9 (Available)
Cisco Visual Quality Experience Tools Server CSCur06775 3.6 (Available)
3.7 (Available)
3.8 (Available)
3.9 (Available)
Cisco Wide Area Application Services (WAAS) CSCur02917 A patch file is available for 4.4.x releases and 5.2.1b.
5.0.3h (Available)
5.1.1h (Available)
5.3.5c (25-Nov-14)
Network and Content Security Devices
Cisco ASA CX and Cisco Prime Security Manager CSCur01959 9.3.2.1 (Available)
Cisco Clean Access Manager CSCur05566 A patch file is available for vulnerable releases.
Cisco FireSIGHT CSCur05199 (A patch file is available for vulnerable releases.)
5.3.0.3 (30-Nov-2014)
5.3.1.1 (Available)
5.2.0.7 (Available)
4.10.3.10 (Available)
Cisco Identity Services Engine (ISE) CSCur00532 1.3.0.876 (Available)
1.2.0 Patch 12 (Available)
1.2.1 Patch 3 (Available)
1.1.3 Patch 12 (12-Dec-14)
1.1.4 Patch 12 (12-Dec-14)
Cisco Intrusion Prevention System Solutions (IPS) CSCur00552 7.1.9 (Available)
7.3.3 (Jan 2015)
Cisco IronPort Encryption Appliance CSCur02831 (A patch file is available for vulnerable releases)
Cisco NAC Guest Server CSCur05629 A patch file is available for vulnerable releases.
Cisco NAC Server CSCur05575 A patch file is available for vulnerable releases.
Cisco Physical Access Gateway CSCur05343 1.5.3 (15-Apr-2015)
Cisco Physical Access Manager CSCur05357 1.5.2 (Available)
Cisco Secure Access Control Server (ACS) CSCur00511 A patch is available for vulnerable releases.
Cisco Virtual Security Gateway for Microsoft Hyper-V CSCur05042 is 5.2(1)VSG2(1.2a) (30-Nov-14)
Network Management and Provisioning
Cisco Access Registrar Appliance Cisco Prime Access Registrar Appliance CSCur10557 5.x (Available)
6.x (Available)
Cisco Application Networking Manager CSCur06823 5.2.5 (Available)
Cisco MXE Series CSCur05088 3.3.2. (Available)
Cisco Media Experience Engines (MXE) CSCur05088 3.3.2. (Available)
Cisco NetFlow Collection Agent CSCur05232 A patch file is available for vulnerable releases.
6.2 (Available 1-Jun-2015)
Cisco Network Analysis Module CSCur05225 A patch file is available for vulnerable releases.
6.2 (Available 1-Jun-2015)
Cisco Prime Collaboration Assurance CSCur04820 10.5 (Available)
10.6 (15-Dec-2014)
Cisco Prime Collaboration Deployment CSCur07766 A patch is available for vulnerable releases
10.5.2 (31-Dec-2014)
Cisco Prime IP Express CSCur05200 8.2.0.5 (31-Jan-2015)
Cisco Prime Infrastructure CSCur05228 A patch is available for vulnerable releases
2.1.2 (available)
Cisco Prime LAN Management Solution CSCur05125 LMS 4.2.5 (31-Dec-2014) via patch
Cisco Prime License Manager CSCur05098 10.5.1 SU (available)
10.5.2 (31-Dec-2014)
Cisco Prime Network Registrar (CPNR) Jumpstart CSCur05136 8.2.2.1 (Available)
8.1.3.3 (31-Jan-2015)
7.2.3.5 (31-Jan-2015)
Cisco Prime Network Services Controller CSCur05617 PNSC 3.4.1 (Available)
Cisco Prime Service Catalog Virtual Appliance CSCur10723 PSC 10.0-R2 (Available)
Cisco UCS Central CSCur05093 1.2(1d) (Available)
Data Center Analytics Framework (DCAF) CSCur09685 4.0 (available)
Digital Media Manager (DMM) CSCur03217 Patch is available for the following releases:
5.3 - 5.3.6
5.3.6_RB1 - 5.3.6_RB2
5.4- 5.4.1
5.4.1_RB1
5.4.1_RB2
Local Collector Appliance (LCA) CSCur05780 2.2.6.1 (Available)
2.2.7
Network Configuration and Change Management CSCur05794 A patch file is available for vulnerable releases.
Prime Collaboration Provisioning CSCur04871 A patch file is available for vulnerable releases.
Unified Communication Audit Tool (UCAT) CSCur05121 Affected systems have been patched.
Routing and Switching - Enterprise and Service Provider
Cisco ASR 5000 Series CSCur04507 14.0.23 (Available)
15.0.24 (Available)
Cisco IOS-XE for ASR1k, ASR903, ISR4400, CSR1000v CSCur02734 15.4(2)S2/XE3.12.2S (Available)
15.4(3)S1/XE3.13.1S (Available)
15.5(1)S/XE3.14.0S (30-Nov-2015)
15.4(1)S3/XE3.11.3S (30-Nov-2014)
15.3(3)S5/XE3.10.5S (31-Jan-2015)
15.2(4)S7/XE3.7.7S (27-Feb-2015)
Cisco IOS-XE for Catalyst 3k, 4k, AIR-CT5760, and Cisco RF Gateway 10 (RFGW-10) CSCur03368 15.1(2)SG5/3.4.5SG (21-Nov-2014)
15.0(2)SG10/3.2.10SG (31-Dec-2014)
15.2(1)E1/3.6.1E (28-Nov-2014)
15.0(1)EZ5/3.3.5SE (Available)
Cisco MDS CSCur01099 (A patch file is available for vulnerable releases.)
Cisco Nexus 1000 Virtual Supervisor Module (VSM) CSCur04438 N1KV Vmware N1KV 5.2(1)SV3(1.2) (mid-November 2014)
N1KV HyperV release 5.2(1)SM2(1.1) (1-Dec-2014)
Cisco Nexus 1010 CSCur04510 5.2(1)SP1(7.2) (Available)
Cisco Nexus 3000 / 3500 CSCur04934 6.0(2)U5(1) (Available)
6.0(2)U4(2) (Available)
6.0(2)U3(4) (Available)
6.0(2)U2(11Z) (Available)
Cisco Nexus 4000 CSCur05610 4.1(2)E1(1n) (1-Dec-2014)
Cisco Nexus 5000/6000 CSCur05017 Gold Coast MR8 5.2(1)N1(8b) (Available)
Harbord Plus MR4(a) 6.0(2)N2(5a) (Available)
Iluka MR4 7.0(5)N1(1) (Available)
Cisco Nexus 7000 Series Switches CSCur04856 5.2(9a) (Available)
6.1(5a) (Available)
6.2(8b) (Available)
6.2(10) (Available)
Cisco Nexus 7000 CSCuq98748 5.2(9a) (Available)
6.1(5a) (Available)
6.2(8b) (Available)
6.2(10) (Available)
Cisco Nexus 9000 Switches CSCur05011 6.1(2)I3(1) (Available)
Cisco Nexus 9000 running NxOS CSCur02700 6.1(2)I2(1) (Available)
6.1(2)I2(2) (Available)
6.1(2)I2(2a) (Available)
6.1(2)I2(2b) (Available)
6.1(2)I2(3) (Available)
6.1(2)I3(1) (Available)
Cisco Nexus 9000 CSCur02102 11.0(1d) (Available)
Cisco OnePK All-in-One VM CSCur04925 (Available - use vendor patch.)
Cisco Quantum SON Suite CSCur05662 (Affected systems to be patched by 1-Feb-2015.)
Cisco Quantum Virtualized Packet Core CSCur05662 (Affected systems to be patched by 1-Feb-2015.)
Cisco Service Control Engine 1010 CSCur05021 A patch file will be available for Cisco Service Control Engine 8000 by 30-Nov-14.
A patch file will be available for Cisco Service Control Engine 10000 by 19-Dec-14.
Cisco Service Control Engine 8000 CSCur05021 A patch file will be available for Cisco Service Control Engine 8000 by 30-Nov-14.
A patch file will be available for Cisco Service Control Engine 10000 by 19-Dec-14.
Cisco Virtual Switch Update Manager CSCur12303 1.1 (Available)
IOS-XR for Cisco Network Convergence System (NCS) 6000 CSCur02177 5.2.3 (31-Dec-2014)
5.0.1 (SMU available 31-Nov-2014)
5.2.1 (SMU available 31-Nov-2014)
Routing and Switching - Small Business
Cisco WAG310G Residential Gateway CSCur05525 Contact TAC for upgrade options.
Unified Computing
Cisco Standalone rack server CIMC CSCur03816 1.4(3x/y) (25-Nov-14)
1.5(7d) (25-Nov-14)
2.0(3f/g) (25-Nov-14)
2.0(4x) (25-Nov-14)
2.0(2x) (25-Nov-14)
Cisco UCS Director CSCur02877 A patch file is available for vulnerable releases.
Cisco UCS Invicta Appliance CSCur05026 5.0.1.2 (Available)
Cisco UCS Manager CSCur01379 3.0(1d) (Available)
2.2(3b) (Available)
2.2(2e) (Available)
2.2(1f) (Available)
2.1(3f) (Available)
2.0(5g) (Available)
Cisco USC Invicta Series Autosupport Portal CSCur07304 5.0.1.2 (Available)
Cisco USC Invicta Series CSCur04651 5.0.1.2 (Available)
Cisco Unified Computing System B-Series (Blade) Servers CSCur05081 3.0.2 (15-Feb-2015)
Cisco Unified Computing System E-Series Blade Server CSCur05553 3.0.1 (Available July 2015)
Cisco Virtual Security Gateway CSCur95323 5.2(1)VSG2(1.2c) (Available)
Cisco Virtualization Experience Client 6215 CSCur05844 (A patch file is available for vulnerable releases.)
10.6 (22-Jan-15)
Voice and Unified Communications Devices
Cisco Business Edition 3000 (BE3k) CSCur08462 Contact TAC for upgrade options.
Cisco Emergency Responder CSCur05434 Patch - Available (applicable to all previous CER version 8.x, 9.x, 10.x)
Cisco Finesse CSCur02866 A patch file is available for vulnerable releases
Cisco Hosted Collaboration Mediation Fulfillment CSCur05477 (A patch file is available for affected releases.)
Cisco IM and Presence Service (CUPS) CSCur05454 (A patch file is available for affected releases.)
10.5.1 SU2 (Available)
Cisco IP Interoperability and Collaboration System (IPICS) CSCur05245 IPICS 4.8.2
Cisco MediaSense CSCur02875 9.1 ES (Available)
10.5SU (Patch Available) - Will work with ANY supported version of MS
Cisco Paging Server (Informacast) CSCur04834 9.0.2 (Available)
Cisco SocialMiner CSCur02880 (A patch file is available for affected releases.)
10.6(1) (17-Dec-2014)
Cisco Unified Communications Domain Manager CSCur01180 A patch file is available for vulnerable releases.
Cisco Unified Communications Manager (CUCM) CSCur00930 A patch file is available for vulnerable releases.
10.5(1.11011.1) (Available)
10.0(1.13012.1) (Available)
9.1(2.13060.1) (Available)
8.6(2.26147.1) (Available)
8.5(1.17131.2) (Available)
Cisco Unified Contact Center Express (UCCX) CSCur02861 A patch file is available for vulnerable releases.
10.6(1) (3-Dec-2014)
Cisco Unified Intelligence Center (CUIC) CSCur02891 A patch file is available for vulnerable releases.
CUIC 11.0(1) (30-Jun-2015)
Cisco Unified Quick Connect CSCur05412 Contact TAC for upgrade options.
Cisco Unity Connection (UC) CSCur05328 A patch file is available for vulnerable releases.
8.6.2ES153 (Available)
9.1.2ES67 (Available)
10.5.1ES74 (Available)
8.5.1 (mid-December 2014)
Video, Streaming, TelePresence, and Transcoding Devices
Cisco AutoBackup Server CSCur09315 Shellshock-1.0.1 (for all DBDS Linux 5.x, 6.x products) - Patch Available
Cisco D9036 Modular Encoding Platform CSCur04504 V02.02.30 (Available)
Cisco Digital Media Manager (DMM) CSCur03539 5.3.1 (Available)
5.3.7 (Available)
5.3.10 (Available)
5.3.11 (Available)
5.3.12 (Available)
5.5 (Available)
Cisco Digital Media Player (DMP) 4310 CSCur05628 5.3(6)RB(2P) (Available)
5.4(1)RB(2P) (Available)
Cisco Download Server (DLS) (RH Based) CSCur09318 Shellshock-1.0.1 (for all DBDS Linux 5.x, 6.x products) - Patch Available
Cisco Edge 300 Digital Media Player CSCur02761 A patch (V1.6.0) file is available for vulnerable releases.
Cisco Edge 340 Digital Media Player CSCur02751 1.1.0.4
1.2 (20-Dec-14)
Cisco Enterprise Content Delivery Service CSCur02848 2.6.3 (Available)
Cisco Media Experience Engine (MXE) CSCur04893 3.3.2. (Available)
Cisco PowerVu D9190 Conditional Access Manager (PCAM) CSCur05774 1.1 (Available 30-Apr-2015)
Cisco Show and Share (SnS) CSCur03539 5.3.1 (Available)
5.3.7 (Available)
5.3.10 (Available)
5.3.11 (Available)
5.3.12 (Available)
5.5 (Available)
Cisco StadiumVision Director CSCur30139 StadiumVision: 3.2 build 520 (SP2) (Available)
Cisco StadiumVision Mobile Reporter CSCur30167 2.0.1 (build 1) (Available)
Cisco StadiumVision Mobile Streamer CSCur30155 2.0.1 (build 1) (Available)
Cisco TelePresence 1310 CSCur05163 1.9.8 (Available)
6.1.5.1 (Available)
1.10.8.1 (Available)
Cisco TelePresence Conductor CSCur02103 XC2.4.1 (Available)
XC2.3.1 (Available)
Cisco TelePresence Exchange System (CTX) CSCur05335 1.3.0.4.2.0 (7-Nov-2014)
Cisco TelePresence ISDN Link CSCur05025 1.1.4 (Available)
Cisco TelePresence Manager (CTSMan) CSCur05104 1.9.4 (Available)
Cisco TelePresence Multipoint Switch (CTMS) CSCur05344 1.8.x (Patch file available)
1.9.7 (Available)
Cisco TelePresence Recording Server (CTRS) CSCur05038 A patch file available for vulnerable releases.
Cisco TelePresence System 1000 CSCur05163 1.9.8 (Available)
6.1.5.1 (Available)
1.10.8.1 (Available)
Cisco TelePresence System 1100 CSCur05163 1.9.8 (Available)
6.1.5.1 (Available)
1.10.8.1 (Available)
Cisco TelePresence System 1300 CSCur05163 1.9.8 (Available)
6.1.5.1 (Available)
1.10.8.1 (Available)
Cisco TelePresence System 3000 Series CSCur05163 1.9.8 (Available)
6.1.5.1 (Available)
1.10.8.1 (Available)
Cisco TelePresence System 500-32 CSCur05163 1.9.8 (Available)
6.1.5.1 (Available)
1.10.8.1 (Available)
Cisco TelePresence System 500-37 CSCur05163 1.9.8 (Available)
6.1.5.1 (Available)
1.10.8.1 (Available)
Cisco TelePresence TE Software (for E20 - EoL) CSCur05162 4.1.5 (Available)
Cisco TelePresence TX 9000 Series CSCur05163 1.9.8 (Available)
6.1.5.1 (Available)
1.10.8.1 (Available)
Cisco TelePresence Video Communication Server (VCS/Expressway) CSCur01461 X8.2.2 (available).
X7.2.4 (available)
X8.1.2 (available)
Cisco TelePresence endpoints (C series, EX series, MX series, MXG2 series, SX series) and the 10" touch panel CSCur02591 5.1.13 (Available)
6.0.4 (Available)
6.1.4 (Available)
6.3.3 (Available)
7.2.1 (Available)
Cisco VDS Service Broker CSCur05679 VDS-SB 1.4 (1-Dec-2014)
Cisco Video Distribution Suite for Internet Streaming VDS-IS CSCur05320 3.3.1b112 (Available)
4.0.0b157 (Available)
4.1.0b036 (March 2015)
Cisco Video Surveillance Media Server CSCur05423 (A patch file is available for affected releases.) 7.6.0 (15-Dec-14)
Cisco Virtual PGW 2200 Softswitch CSCur05847 A patch file is available for vulnerable releases.
Cisco Hosted Services
Cisco Cloud Services CSCur05334 (Affected systems have been patched.)
Cisco Common Services Platform Collector CSCur07881 Affected systems have been patched.
Cisco Intelligent Automation for Cloud CSCur05134 4.1.0.81287.195 (Available)
Cisco Life Cycle Management (LCM) CSCur05242 Affected systems have been patched.
Cisco NetAuthenticate CSCur05632 Affected systems have been updated.
Cisco Proactive Network Operations Center CSCur05856 (Affected systems have been patched.)
Cisco Smart Care CSCur05638 1.13.2.1 (Available)
Cisco Universal Small Cell CloudBase CSCur05647 (Affected systems have been patched.)
Cisco WebEx Node CSCur10599 (Affected systems have been patched.)
Network Performance Analytics (NPA) CSCur05788 (Affected systems have been patched.)
Web Element Manager CSCur09009 (Affected systems have been patched.)


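Products Confirmed Not Vulnerable

Note: The following list includes Cisco applications that are installed on a customer-provided operating system running on a customer-provided host (physical server or virtual machine). These products may use the Bash shell provided by the host operating system on which the product is installed. Even if these Cisco products do not directly include a vulnerable version of the Bash shell (and are therefore not affected by the vulnerability), Cisco recommends that customers review the host operating system on which the products are installed and perform any upgrades needed to address this vulnerability, following the operating system vendor's recommendations and general operating system security best practices.

Analysis has determined that the following Cisco products are not affected by this vulnerability: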

Cable Modems
  • Cisco Prime Network Registrar (CPNR)
  • Digital Life RMS and Cisco Broadband Access Center Telco Wireless

Collaboration and Social Media
  • Cisco Meetingplace
  • Cisco WebEx Meetings Server (CWMS)
  • Cisco WebEx Node for MCS
  • Cisco WebEx Social

Endpoint Clients and Client Software
  • Cisco IP Communicator
  • Cisco Jabber Guest 10.0(2)
  • Cisco NAC Agent for Mac
  • Cisco NAC Agent for web
  • Cisco UC Integration for Microsoft Lync
  • Cisco Unified Personal Communicator
  • Cisco Unified Video Advantage

Network Application, Service, and Acceleration
  • Cisco Adaptive Security Appliance (ASA) Software
  • Cisco Extensible Network Controller (XNC)
  • Cisco Firewall Services Module
  • Cisco Nexus Data Broker Cisco Extensible Network Controller (XNC)
  • Cisco Openflow Agent
  • Content Services Switch

Network and Content Security Devices
  • Cisco ASA Content Security and Control (CSC) Security Services Module
  • Cisco Adaptive Security Device Manager (ASDM)
  • Cisco Content Security Appliance Updater Servers
  • Cisco Email Security Appliance (ESA)
  • Cisco Ironport WSA
  • Cisco Security Management Appliance (SMA)

Network Management and Provisioning
  • Cisco Connected Grid Network Management System
  • Cisco Insight reporter
  • Cisco MATE (MATE collector, MATE Live, MATE Design)
  • Cisco Media Gateway Controller Node Manager
  • Cisco Multicast Manager
  • Cisco Network Collector
  • Cisco Prime Access Registrar
  • Cisco Prime Analytics
  • Cisco Prime Cable Provisioning
  • Cisco Prime Central for SPs
  • Cisco Prime Data Center Network Manager
  • Cisco Prime Home
  • Cisco Prime Network
  • Cisco Prime Optical for SPs
  • Cisco Prime Performance Manager for SPs
  • Cisco Quantum Policy Suite (QPS)
  • Cisco Security Manager
  • Cisco TelePresence MPS Series
  • Cisco Unified Provisioning Manager (CUPM)
  • CiscoWorks Network Compliance Manager
  • Network Profiler
  • Security Module for Cisco Network Registrar
  • Unified Communications Deployment Tools

Routing and Switching - Enterprise and Service Provider
  • CRS-CGSE-PLIM CRS-CGSE-PLUS
  • Cisco 1000 Series Connected Grid Routers
  • Cisco ASR 9000 Series Integrated Service Module
  • Cisco Application Policy Infrastructure Controller
  • Cisco Broadband Access Center Telco Wireless
  • Cisco Connected Grid Device Manager
  • Cisco Connected Grid Routers (CGR)

  • Cisco IOS
  • Cisco IOS-XR running on
    • Cisco ASR 9000 Series Aggregation Services Routers 
    • Cisco CRS Routers
    • Cisco XR 12000 Series Routers
  • Cisco Metro Ethernet 1200 Series Access Devices
  • Cisco ONS 15454 Series Multiservice Provisioning Platforms
  • Cisco Prime Provisioning for SPs
  • Cisco Service Control Application for Broadband
  • Cisco Service Control Collection Manager
  • Cisco Service Control Engine 2020
  • Cisco Service Control Subscriber Manager
  • Cisco VPN Acceleration Engine

Routing and Switching - Small Business
  • Cisco RV180W Wireless-N Multifunction VPN Router
  • Cisco Small Business AP500 Series Wireless Access Points
  • Cisco Small Business ISA500 Series Integrated Security Appliances
  • Cisco Small Business RV 120W Wireless-N VPN Firewall
  • Cisco Small Business RV Series Routers 0xxv3
  • Cisco Small Business RV Series Routers RV110W
  • Cisco Small Business RV Series Routers RV130x
  • Cisco Small Business RV Series Routers RV215W
  • Cisco Small Business RV Series Routers RV220W
  • Cisco Small Business RV Series Routers RV315W
  • Cisco Small Business RV Series Routers RV320
  • Cisco Sx220 switches
  • Cisco WAP4410N Wireless-N Access Point

Unified Computing
  • Cisco Common Services Platform Collector
  • Cisco Intercloud Fabric
  • Cisco UCS Series Fabric Extenders I/O Modules

Voice and Unified Communications Devices
  • Cisco 190 ATA Series Analog Terminal Adaptor
  • Cisco ATA 187 Analog Telephone Adaptor
  • Cisco Agent Desktop for Cisco Unified Contact Center Express
  • Cisco Agent Desktop
  • Cisco Broadband Access Center for Cable Tools Suite 4.1
  • Cisco Broadband Access Center for Cable Tools Suite 4.2
  • Cisco Prime Cable Provisioning Tools Suite 5.0
  • Cisco Prime Cable Provisioning Tools Suite 5.1
  • Cisco Computer Telephony Integration Object Server (CTIOS)
  • Cisco Desktop Collaboration Experience DX650
  • Cisco Desktop Collaboration Experience DX70 and DX80
  • Cisco H.323 Signaling Interface
  • Cisco IP Phone 8800 Series
  • Cisco Jabber for Windows
  • Cisco MS200X Ethernet Access Switch
  • Cisco PGW 2200 Softswitch
  • Cisco Packaged Contact Center Enterprise
  • Cisco Remote Silent Monitoring
  • Cisco SPA112 2-Port Phone Adapter
  • Cisco SPA122 ATA with Router
  • Cisco SPA232D Multi-Line DECT ATA
  • Cisco SPA50X Series IP Phones
  • Cisco SPA51X Series IP Phones
  • Cisco SPA525G2 5-Line IP Phone
  • Cisco SPA8000 8-port IP Telephony Gateway
  • Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports
  • Cisco Sx300 switches
  • Cisco Sx500 Switches
  • Cisco TAPI Service Provider (TSP)
  • Cisco Unified 3900 series IP Phones
  • Cisco Unified 6900 series IP Phones
  • Cisco Unified 6911 IP Phones
  • Cisco Unified 6945 IP Phones
  • Cisco Unified 7800 series IP Phones
  • Cisco Unified 8961 IP Phone
  • Cisco Unified 9951 IP Phone
  • Cisco Unified 9971 IP Phone
  • Cisco Unified Attendant Console Advanced
  • Cisco Unified Attendant Console Business Edition
  • Cisco Unified Attendant Console Department Edition
  • Cisco Unified Attendant Console Enterprise Edition
  • Cisco Unified Attendant Console Premium Edition
  • Cisco Unified Attendant Console Standard Edition
  • Cisco Unified Client Services Framework
  • Cisco Unified Communications Sizing Tool
  • Cisco Unified Communications Widgets Click To Call
  • Cisco Unified Contact Center Enterprise
  • Cisco Unified E-Mail Interaction Manager
  • Cisco Unified IP Conference Phone 8831
  • Cisco Unified IP Phone 7900 Series
  • Cisco Unified Integration for IBM Sametime
  • Cisco Unified Intelligence Center
  • Cisco Unified Intelligent Contact Management Enterprise
  • Cisco Unified Operations Manager (CUOM)
  • Cisco Unified SIP Proxy
  • Cisco Unified Service Monitor
  • Cisco Unified Service Statistics Manager
  • Cisco Unified Web Interaction Manager
  • Cisco Unified Wireless IP Phone
  • Cisco Unified Workforce Optimization
  • Cisco Unity Express
  • Cisco Universal Small Cell RAN Management System Wireless
  • Cisco Virtualization Experience Media Engine
  • xony VIM/CCDM/CCMP

Video, Streaming, TelePresence, and Transcoding Devices
  • Cisco AnyRes Live (CAL)
  • Cisco AnyRes VOD (CAV)
  • Cisco Command 2000 Server (cmd2k) (RH Based)
  • Cisco Command 2000 Server (cmd2k)
  • Cisco Common Download Server (CDLS)
  • Cisco D9034-S Encoder
  • Cisco D9054 HDTV Encoder
  • Cisco D9804 Multiple Transport Receiver
  • Cisco D9824 Advanced Multi Decryption Receiver
  • Cisco D9854/D9854-I Advanced Program Receiver
  • Cisco D9858 Advanced Receiver Transcoder
  • Cisco D9859 Advanced Receiver Transcoder
  • Cisco D9865 Satellite Receiver
  • Cisco DCM Series 990x-Digital Content Manager
  • Cisco DNCS Application Server (AppServer)
  • Cisco Digital Network Control System (DNCS)
  • Cisco Digital Transport Adapter Control System (DTACS)
  • Cisco Download Server (DLS)
  • Cisco Explorer Control Suite (ECS)
  • Cisco Explorer Controller (EC)
  • Cisco IPTV Service Delivery System (ISDS)
  • Cisco IPTV
  • Cisco International Digital Network Control System (iDNCS)
  • Cisco Internet Streamer CDS
  • Cisco Jabber Video for TelePresence (Movi)
  • Cisco Jabber for TelePresence (Movi)
  • Cisco Linear Stream Manager
  • Cisco Model D9485 DAVIC QPSK
  • Cisco Powerkey CAS Gateway (PCG)
  • Cisco Powerkey Encryption Server (PKES)
  • Cisco Remote Conditional Access System (RCAS)
  • Cisco Remote Network Control System (RNCS)
  • Cisco TelePresence Advanced Media Gateway Series
  • Cisco TelePresence Content Server (TCS)
  • Cisco TelePresence IP Gateway Series
  • Cisco TelePresence IP VCR Series
  • Cisco TelePresence ISDN GW 3241
  • Cisco TelePresence ISDN GW MSE 8321
  • Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300)
  • Cisco TelePresence MXP Software
  • Cisco TelePresence Management Suite (TMS)
  • Cisco TelePresence Management Suite Analytics Extension (TMSAE)
  • Cisco TelePresence Management Suite Extension (TMSXE)
  • Cisco TelePresence Management Suite Extension for IBM
  • Cisco TelePresence Management Suite Provisioning Extension
  • Cisco TelePresence Serial Gateway Series
  • Cisco TelePresence Server 8710, 7010
  • Cisco TelePresence Server on Multiparty Media 310, 320
  • Cisco TelePresence Server on Virtual Machine
  • Cisco TelePresence Supervisor MSE 8050
  • Cisco Transaction Encryption Device (TED)
  • Cisco Video Surveillance 3000 Series IP Cameras
  • Cisco Video Surveillance 4000 Series High-Definition IP Cameras
  • Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras
  • Cisco Video Surveillance 6000 Series IP Cameras
  • Cisco Video Surveillance 7000 Series IP Cameras
  • Cisco Video Surveillance PTZ IP Cameras
  • Cisco Videoscape Back Office (VBO)
  • Cisco Videoscape Conductor
  • Cisco Videoscape Distribution Suite Transparent Caching
  • Cloud Object Store (COS)
  • D9859 Advanced Receiver Transcoder
  • Digital Media Player (DMP) 4400
  • Digital Media Player (DMP) 4310
  • Media Services Interface
  • Tandberg Codian ISDN GW 3210/3220/3240
  • Tandberg Codian MSE 8320 model
  • VDS-Recorder
  • VDS-TV Caching GW
  • VDS-TV Streamer
  • VDS-TV Vault

Wireless
  • Cisco Aironet Access Points running Cisco IOS
  • Cisco Meraki Cloud Managed Indoor Access Points
  • Cisco Meraki Cloud-Managed Outdoor Access Points
  • Cisco Meraki MS Access Switches
  • Cisco Mobility Services Engine (MSE)
  • Cisco RF Gateway 1 (RFGW-1)
  • Cisco Wireless Control System (WCS)
  • Cisco Wireless LAN Controller (WLC)
  • Cisco Wireless Location Appliance (WLA)

Cisco Hosted Services
  • Business Video Services Automation Software (BV)
  • Cisco Cloud Email Security
  • Cisco Cloud and Systems Management
  • Cisco Connected Analytics For Collaboration
  • Cisco Connected Analytics for Network Deployment (CAND)
  • Cisco Install Base Management (IBM)
  • Cisco One View
  • Cisco Registered Envelope Service (CRES)
  • Cisco SLIM
  • Cisco Serial Number Assessment Service (SNAS)
  • Cisco Services Provisioning Platform (SPP) for MSA
  • Cisco Smart Net Total Care (SNTC)
  • Cisco Unified Services Delivery Platform (CUSDP)
  • Cisco Universal Small Cell 5000 Series
  • Cisco Universal Small Cell 7000 Series
  • Cisco WebEx Meeting Clients and Productivity Tools
  • Cisco WebEx Messenger Service
  • Cisco WebEx WebOffice & Workspace
  • IC Capture
  • IMS
  • Partner Support Service (PSS) 1.x
  • SI component of Partner Support Service
  • Small Cell Factory Recovery
  • Smart Net Total Care
  • WebEx Connect
  • WebEx Event Center, Meeting Center, Training Center, and Sales Center
  • WebEx PCNow
  • WebEx QuickBooks
  • WebEx11 Application Server

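Details

The Bash shell can export shell variables and functions from a parent process to a child process through the process environment. Function definitions are passed using an environment variable that has the same name as the function, and they begin with () {.

The child Bash process does not stop processing and executing code after it has processed the closing brace } of the function definition. An attacker could define a function variable such as FUNCT=() { ignored; }; /bin/id, which would cause /bin/id to be executed when the environment is imported into the child process.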
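
One way to look for the pattern described above in web server logs, given as an added example that is not part of the Cisco advisory: the script flags quoted log fields that begin with () { and reports whether anything follows the closing brace. The combined log format, the constructed sample lines, and the function names sample_log and scan_function_marker are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Cisco code: flag access-log fields that carry a Bash
# function definition ("() {") and report what follows the closing brace.

# Constructed sample lines in combined log format (documentation addresses).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [25/Sep/2014:10:00:07 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { ignored; }; /bin/id"
192.0.2.45 - - [25/Sep/2014:10:00:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "() { :; }" "curl/7.38.0"
198.51.100.7 - - [25/Sep/2014:10:01:30 +0000] "GET /docs/func() HTTP/1.1" 404 0 "-" "Mozilla/5.0"
192.0.2.46 - - [25/Sep/2014:10:02:11 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { broken"
EOF
}

# Reads log lines on stdin; prints "client|verdict|text-after-closing-brace"
# for every quoted field (request, Referer, User-Agent) that starts with "() {".
scan_function_marker() {
awk -F'"' '
{
    split($1, head, " ")                  # head[1] is the client address
    for (i = 2; i <= NF; i += 2) {        # even fields are the quoted ones
        if (substr($i, 1, 4) != "() {") continue
        tail = $i
        if (index(tail, "}") == 0) {
            verdict = "unterminated"; tail = ""
        } else {
            sub(/^.*[}]/, "", tail)       # drop everything up to the last }
            sub(/^[ ;]+/, "", tail)       # drop the separator after the body
            verdict = (tail == "") ? "function-only" : "trailing-code"
        }
        print head[1] "|" verdict "|" tail
    }
}'
}

sample_log | scan_function_marker
```

A function-only or unterminated hit is still worth reviewing, because ordinary clients have no reason to send a function definition in a request field.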

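The impact of this vulnerability on Cisco products may vary depending on the product. Some attack vectors, such as SSH, require successful authentication before they can be exploited, and may not give the user any additional privileges.

This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) IDs CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187.

Several tools have been created to check whether the version of Bash running on a platform has been fixed, but some of them produce incorrect results or crash the Bash shell. The information provided for each bug ID in the Cisco Bug Search Tool identifies the software versions that contain the fix; use it to determine whether a product is affected by the vulnerability.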

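Vulnerability Scoring Details

Cisco has scored the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scores in this security advisory are based on CVSS version 2.0.

CVSS is a standards-based scoring method that conveys the severity of a vulnerability and helps organizations determine the urgency and priority of a response.

Cisco provides a base score and a temporal score. Customers can use these to compute an environmental score and understand the impact of the vulnerability in their own networks.

Cisco provides additional information about CVSS at the following link:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco also provides a CVSS calculator for computing the environmental impact in individual networks at the following link: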

http://tools.cisco.com/security/center/cvssCalculator.x


Attack Vectors That Do Not Require Authentication

CVSS Base Score - 7.5
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: Partial
  Integrity Impact: Partial
  Availability Impact: Partial

CVSS Temporal Score - 7.1
  Exploitability: Functional
  Remediation Level: Not Defined
  Report Confidence: Confirmed


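Impact

The impact of this vulnerability on Cisco products varies by product. Successful exploitation of the vulnerability could allow an unauthorized attacker to execute commands from the Bash shell. For the specific impact, see the defect details linked from this advisory.

Software Versions and Fixes

When considering software upgrades, consult the Cisco Security Advisories, Responses, and Notices archive at http://www.cisco.com/go/psirt/ and any subsequent advisories to determine exposure and identify an upgrade solution that addresses it.

In all cases, confirm that the devices to be upgraded contain sufficient memory and that the current hardware and software configurations will continue to be supported properly by the new release. If anything is unclear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider.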


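Workarounds

There are no mitigations for this vulnerability that can be performed directly on affected systems. However, the following network-based mitigations may be available to some customers:
  • Cisco Intrusion Protection System (IPS) signature 4689-0 has been created and is available in release S824.
  • Cisco Source Fire has published Snort signatures 31975-31977, 31985, 32038-32039, 32041-32043, 32045-32047, and 32049 to detect the Bash vulnerability and protect networks from it.

Cisco has published an Event Response for this vulnerability:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_Bash_09252014.html

Mitigations that can be deployed on Cisco devices within the network are described in the companion document to this advisory, Cisco Applied Intelligence: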
http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=35836

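Obtaining Fixed Software

Cisco provides free software updates that address the vulnerability described in this advisory. Before deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and for issues specific to their network environment.

Customers may only install and receive support for the feature sets they have purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html.

Customers with Service Contracts

Customers with service contracts should obtain upgraded software through their regular update channels. Most customers can obtain upgrades through the Software Navigator on Cisco.com: http://www.cisco.com/cisco/software/navigator.html

Customers Using Third-Party Support Organizations

Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers, should contact that support organization for assistance with the appropriate course of action.

The effectiveness of any workaround or fix depends on the customer's specific situation, such as the products in use, network topology, traffic behavior, and organizational mission. Because of the variety of affected products and releases, customers should confirm with their service provider or support organization that a workaround or fix is the most appropriate one for the intended network before it is deployed.

Customers Without Service Contracts

Customers who purchased directly from Cisco but do not hold a Cisco service contract, and customers who purchased through third-party vendors but cannot obtain fixed software through their point of sale, should contact the Cisco Technical Assistance Center (TAC) to obtain upgraded software.

  • +1 800 553 2447 (toll free from within North America)
  • +1 408 526 7209 (toll call from outside North America)
  • E-mail: tac@cisco.com

Customers should have the product serial number and the URL of this advisory available as evidence of entitlement to a free upgrade. Customers without service contracts should request free upgrades through the TAC.

For additional TAC contact information, including localized telephone numbers, instructions, and e-mail addresses for support in various languages, see Cisco Worldwide Contacts (http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html).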

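Exploitation and Public Announcements

This vulnerability was reported by Stephane Chazelas and was announced by the GNU Foundation on September 24, 2014.

Status of This Notice: Final

This advisory is provided on an "as is" basis and does not imply any kind of guarantee or warranty. Use of the information in this advisory, or of materials linked from it, is entirely at the user's own risk. Cisco reserves the right to change or update this document at any time.

A stand-alone copy or paraphrase of the text of this advisory that omits the distribution URL given below is an uncontrolled copy and may contain factual errors or lack important information.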


Distribution

This advisory is posted on Cisco Security Intelligence Operations at the following link:

http://www.cisco.com/cisco/web/support/JP/112/1126/1126247_cisco-sa-20140926-bash-j.html

In addition, a text version of this advisory, clear-signed with the Cisco PSIRT PGP key, is distributed to the following e-mail addresses:

  • cust-security-announce@cisco.com
  • first-bulletins@lists.first.org
  • bugtraq@securityfocus.com
  • vulnwatch@vulnwatch.org
  • cisco@spot.colorado.edu
  • cisco-nsp@puck.nether.net
  • fulldisclosure@seclists.org

Future updates to this advisory will be posted on Cisco.com but may not be announced on mailing lists. Check the URL of this advisory for any updates.

For instructions on obtaining future documents and related content, see Receiving Security Vulnerability Information from Cisco on the Security Vulnerability Policy page.


Revision History

Revision 1.29 2015-April-01 Updated Fixed Software table and Products Confirmed Not Vulnerable sections.
Revision 1.28 2015-March-02 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections.
Revision 1.27 2015-January-12 Updated Fixed Software table.
Revision 1.26 2014-December-05 Updated Fixed Software table.
Revision 1.25 2014-November-24 Updated Fixed Software table.
Revision 1.24 2014-November-22 Updated Fixed Software table.
Revision 1.23 2014-November-20 Updated Fixed Software table.
Revision 1.22 2014-November-18 Updated Fixed Software table.
Revision 1.21 2014-November-13 Updated Fixed Software table.
Revision 1.20 2014-November-12 Updated Fixed Software table.
Revision 1.19 2014-November-10 Updated Fixed Software table.
Revision 1.18 2014-November-07 Updated Fixed Software table
Revision 1.17 2014-November-06 Updated Fixed Software table
Revision 1.16 2014-November-05 Updated Fixed Software table
Revision 1.15 2014-November-04 Updated Fixed Software table
Revision 1.14 2014-November-03 Added Fixed Software table
Revision 1.13 2014-October-22 Updated the Products Confirmed Not Vulnerable section.
Revision 1.12 2014-October-15 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections.
Revision 1.11 2014-October-10 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections.
Revision 1.10 2014-October-09 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections.
Revision 1.9 2014-October-08 Updated details on where to find fix information, details on testing tools, and the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections.
Revision 1.8 2014-October-06 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections.
Revision 1.7 2014-October-03 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections.
Revision 1.6 2014-October-02 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections.
Revision 1.5 2014-October-01 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections.
Revision 1.4 2014-September-30 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections.
Revision 1.3 2014-September-29 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections.
Revision 1.2 2014-September-27 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections.
Revision 1.1 2014-September-26 Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections.
Revision 1.0 2014-September-26 Initial public release

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html. This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at http://www.cisco.com/go/psirt/.