cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
958
Views
0
Helpful
1
Replies

Shellshock exploit targeting email gateways (ESAs)

Anshul Sinha
Level 1
Level 1

Could you please review the attack vector described in the below article:

 

 

https://www.binarydefense.com/bds/active-shellshock-smtp-botnet-campaign/

 

An active botnet is targeting email gateways by adding scripts in email fields like to, from, body etc.

A vulnerable gateway will execute these scripts and download malware and make the gateway part of another botnet.

 

Can you please let us know if our ESAs are good enough on these attacks?

1 Reply 1

Robert Sherwin
Cisco Employee
Cisco Employee

Cisco has issued an official PSIRT notice for the GNU Bash Environmental Variable Command Injection Vulnerability (CVE-2014-6271), please refer all inquiries to:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Please refer to the expanded "Affected Products" for details on our products.

 

Products Confirmed Not Vulnerable

The following Cisco products have been analyzed and are not affected by this vulnerability: 

  • Cisco IOS
  • Cisco IronPort ESA/SMA
  • Cisco Private Internet eXchange (PIX)
  • Cisco Sourcefire Defense Center and Sensor products

 

Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html 

This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at:

http://www.cisco.com/go/psirt