CVE-2014-7169

Confirmed PUBLISHED

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables,...

GNU · Bash
Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.8 Critical

At a Glance

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

cisa apache
CVE Published
Sep 25, 2014
Exploitation Reported
Jan 28, 2022
CVSS
9.8 Critical
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • HPSBMU03165 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141577137423233&w=2
  • HPSBHF03119 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141216668515282&w=2
  • HPSBST03131 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=141383138121313&w=2
  • SSRT101819 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=142721162228379&w=2
  • HPSBMU03245 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=142358026505815&w=2
Show 155 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.