CVE-2014-6271

Confirmed PUBLISHED

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to...

GNU · Bash
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.8 Critical

At a Glance

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

cisa apache nuclei_scanner metasploit
CVE Published
Sep 24, 2014
Exploitation Reported
Jan 28, 2022
CVSS
9.8 Critical
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • SUSE-SU-2014:1223 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034...
  • HPSBMU03165 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141577137423233&w=2
  • SSRT101816 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=142719845423222&w=2
  • HPSBHF03119 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141216668515282&w=2
  • RHSA-2014:1295 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2014-1295.html
Show 165 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.