You can read our official

Chester Rieman · ‎09-26-2014

Looks like informacast is vulnerable:

admin@singlewire:~$ uname -a
Linux singlewire 2.6.32-5-686 #1 SMP Sun Sep 23 09:49:36 UTC 2012 i686 GNU/Linux

admin@singlewire:/$ bash --version
GNU bash, version 3.2.39(1)-release (i486-pc-linux-gnu)

admin@singlewire:~$ env X="() { :;} ; echo busted" `which bash` -c "echo completed"
busted
completed

Many users may still have the default password set for the admin cli account as well.

Tried to fix but need root:

admin@singlewire:~$ sudo apt-get install --only-upgrade bash

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for admin:
Sorry, user admin is not allowed to execute '/usr/bin/apt-get install --only-upgrade bash' as root on singlewire.

Have a case open with TAC - will be interesting to see how this will get addressed :-)

jsteinhauer · ‎09-26-2014

The Cisco PSIRT is investigating the impact of this vulnerability on Cisco products and will disclose any vulnerabilities according to our security policy, which is available at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html .

An INTERIM Cisco Security Advisory was published on September 25th, 2014 and is available at the following URL:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

The Cisco PSIRT will update this Cisco Security Advisory as more information becomes available.

Chester Rieman · ‎10-21-2014

Any Updates - I have not heard back from singlewire as to when/how they will address this issue.

jsteinhauer · ‎10-21-2014

You can read our official statement about shellshock.

You can download the shellshock update for InformaCast 9.0.2 from singlewire.com or cisco.com.

- Jerry

informacast shellshock vulnerability