Cisco has begun its response to
the Bash “Shell Shocked” vulnerability, the 20-year-old bug that's sent the
*nix world into a frenzy.It's going to be a long slog for the Borg, but in
its advisory, Cisco has so far identified 31 individual products
vulnerable to Shell Shocked, compared to seven confirmed not vulnerable. Another
23 products are under investigation at this stage.
The vulnerable systems fall under
the following categories: three in its network application, service and
acceleration line; three in network content and security (the identity services
engine, intrusion prevention systems, and its access control server); the
Unified Intelligence Center management system; various switches including the
Nexus line; unified computing and unified communications products; and a bunch
of telepresence products.
Software updates are available
for the vulnerable systems, the company says.Cisco also says it's created a
signature for its IPS and Snort products so that attempts to exploit Shell
Shocked can be spotted and blocked.
The all-clear siren has been
blown for Cisco's Adaptive Security Appliance; IOS; IOS-XR on ASR 9000, CRS,
and XR 1200 routers; IronPort ESA/SMA; Private Internet eXchange; Sourcefire
Defense Center and Sensor products; and wireless LAN controllers.Last week was
a busy week for the Borg, with security bugs also getting swatted in IOS domain
naming, NAT, metadata services, SIP, DHCP and RSVP software. ®
No comments:
Post a Comment
Note: only a member of this blog may post a comment.