Bash Bug/ShellShock Updates

As you may have heard, an internet security vulnerability named “Bash Bug” or “ShellShock” has been identified and Video Guidance has been reviewing updates from the manufacturers along with executing multiple action plans.

The links below are the major manufacturer’s responses to this exploit. Refer to their respective web pages for updates on the Bash Bug vulnerability.

CiscoCisco Update
PolycomPolycom Update
LifeSizeLifeSize Update
AcanoAcano has indicated that their products are not vulnerable to this exploit.
PEXIPPEXIP has indicated that their products are not vulnerable to this exploit.

What is “Bash Bug”?

The Shellshock vulnerabilities affect Bash, a program that various Unix-based systems use to execute command lines and command scripts. It is often installed as the system’s default command-line interface.

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on September 24, 2014. Many Internet daemons, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.

What to do next?

In addition to patching / updating your endpoints and/or infrastructure, there are workarounds for specific products and services outlined by the manufacturers.  For instance, Cisco C series, EX series, MX series, MXG2 series, SX series can be protected by disabling DHCP and SSH.

If you have any additional questions about Bash Bug or any other security concerns, please contact us at:

Video Guidance Help Desk
Phone: 952.400.2580
Toll Free:  866.433.2240
Video:  helpdesk@vgconnectus.com
IP Video:  207.250.17.171
Email:  support@videoguidance.com