As you may have heard, an internet security vulnerability named “Bash Bug” or “ShellShock” has been identified and Video Guidance has been reviewing updates from the manufacturers along with executing multiple action plans.
The links below are the major manufacturer’s responses to this exploit. Refer to their respective web pages for updates on the Bash Bug vulnerability.
Cisco – Cisco Update
Polycom – Polycom Update
LifeSize – LifeSize Update
Acano – Acano has indicated that their products are not vulnerable to this exploit.
PEXIP – PEXIP has indicated that their products are not vulnerable to this exploit.
What is “Bash Bug”?
The Shellshock vulnerabilities affect Bash, a program that various Unix-based systems use to execute command lines and command scripts. It is often installed as the system’s default command-line interface.
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on September 24, 2014. Many Internet daemons, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.
What to do next?
In addition to patching / updating your endpoints and/or infrastructure, there are workarounds for specific products and services outlined by the manufacturers. For instance, Cisco C series, EX series, MX series, MXG2 series, SX series can be protected by disabling DHCP and SSH.
If you have any additional questions about Bash Bug or any other security concerns, please contact us at: