CVE-2014-7169
Description
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
General Information
Products
- arx firmware
- bash
- big ip access policy manager
- big ip access policy manager 11.6.0
- big ip advanced firewall manager
- big ip advanced firewall manager 11.6.0
- big ip analytics
- big ip analytics 11.6.0
- big ip application acceleration manager
- big ip application acceleration manager 11.6.0
- big ip application security manager
- big ip application security manager 11.6.0
- big ip edge gateway
- big ip global traffic manager
- big ip global traffic manager 11.6.0
- big ip link controller
- big ip link controller 11.6.0
- big ip local traffic manager
- big ip local traffic manager 11.6.0
- big ip policy enforcement manager
- big ip policy enforcement manager 11.6.0
- big ip protocol security module
- big ip wan optimization manager
- big ip webaccelerator
- big iq cloud
- big iq device
- big iq security
- debian linux 7.0
- enterprise linux 4.0
- enterprise linux 5.0
- enterprise linux 6.0
- enterprise linux 7.0
- enterprise linux desktop 5.0
- enterprise linux desktop 6.0
- enterprise linux desktop 7.0
- enterprise linux eus 5.9
- enterprise linux eus 6.4
- enterprise linux eus 6.5
- enterprise linux eus 7.3
- enterprise linux eus 7.4
- enterprise linux eus 7.5
- enterprise linux eus 7.6
- enterprise linux eus 7.7
- enterprise linux for ibm z systems 5.9 s390x
- enterprise linux for ibm z systems 6.4 s390x
- enterprise linux for ibm z systems 6.5 s390x
- enterprise linux for ibm z systems 7.3 s390x
- enterprise linux for ibm z systems 7.4 s390x
- enterprise linux for ibm z systems 7.5 s390x
- enterprise linux for ibm z systems 7.6 s390x
- enterprise linux for ibm z systems 7.7 s390x
- enterprise linux for power big endian 5.0 ppc
- enterprise linux for power big endian 5.9 ppc
- enterprise linux for power big endian 6.0 ppc64
- enterprise linux for power big endian 6.4 ppc64
- enterprise linux for power big endian 7.0 ppc64
- enterprise linux for power big endian eus 6.5 ppc64
- enterprise linux for power big endian eus 7.3 ppc64
- enterprise linux for power big endian eus 7.4 ppc64
- enterprise linux for power big endian eus 7.5 ppc64
- enterprise linux for power big endian eus 7.6 ppc64
- enterprise linux for power big endian eus 7.7 ppc64
- enterprise linux for scientific computing 6.0
- enterprise linux for scientific computing 7.0
- enterprise linux server 5.0
- enterprise linux server 6.0
- enterprise linux server 7.0
- enterprise linux server aus 5.6
- enterprise linux server aus 5.9
- enterprise linux server aus 6.2
- enterprise linux server aus 6.4
- enterprise linux server aus 6.5
- enterprise linux server aus 7.3
- enterprise linux server aus 7.4
- enterprise linux server aus 7.6
- enterprise linux server aus 7.7
- enterprise linux server from rhui 5.0
- enterprise linux server from rhui 6.0
- enterprise linux server from rhui 7.0
- enterprise linux server tus 6.5
- enterprise linux server tus 7.3
- enterprise linux server tus 7.6
- enterprise linux server tus 7.7
- enterprise linux workstation 5.0
- enterprise linux workstation 6.0
- enterprise linux workstation 7.0
- enterprise manager
- eos
- esx 4.0
- esx 4.1
- flex system v7000 firmware
- gluster storage server for on premise 2.1
- infosphere guardium database activity monitoring 8.2
- infosphere guardium database activity monitoring 9.0
- infosphere guardium database activity monitoring 9.1
- linux 4
- linux 5
- linux 6
- linux enterprise desktop 11
- linux enterprise desktop 12
- linux enterprise server 10
- linux enterprise server 11
- linux enterprise server 12
- linux enterprise software development kit 11
- linux enterprise software development kit 12
- mac os x
- mageia 3.0
- mageia 4.0
- netscaler sdx firmware
- open enterprise server 11.0
- open enterprise server 2.0
- opensuse 12.3
- opensuse 13.1
- opensuse 13.2
- pureapplication system
- pureapplication system 2.0.0.0
- qradar risk manager 7.1.0
- qradar security information and event manager 7.1.0
- qradar security information and event manager 7.1.1
- qradar security information and event manager 7.1.2
- qradar security information and event manager 7.2
- qradar security information and event manager 7.2.0
- qradar security information and event manager 7.2.1
- qradar security information and event manager 7.2.2
- qradar security information and event manager 7.2.3
- qradar security information and event manager 7.2.4
- qradar security information and event manager 7.2.5
- qradar security information and event manager 7.2.6
- qradar security information and event manager 7.2.7
- qradar security information and event manager 7.2.8
- qradar security information and event manager 7.2.8.15
- qradar security information and event manager 7.2.9
- qradar vulnerability manager 7.2.0
- qradar vulnerability manager 7.2.1
- qradar vulnerability manager 7.2.2
- qradar vulnerability manager 7.2.3
- qradar vulnerability manager 7.2.4
- qradar vulnerability manager 7.2.6
- qradar vulnerability manager 7.2.8
- qts
- qts 4.1.1
- san volume controller firmware
- security access manager for mobile 8.0 firmware 8.0.0.1
- security access manager for mobile 8.0 firmware 8.0.0.2
- security access manager for mobile 8.0 firmware 8.0.0.3
- security access manager for mobile 8.0 firmware 8.0.0.5
- security access manager for web 7.0 firmware 7.0.0.1
- security access manager for web 7.0 firmware 7.0.0.2
- security access manager for web 7.0 firmware 7.0.0.3
- security access manager for web 7.0 firmware 7.0.0.4
- security access manager for web 7.0 firmware 7.0.0.5
- security access manager for web 7.0 firmware 7.0.0.6
- security access manager for web 7.0 firmware 7.0.0.7
- security access manager for web 7.0 firmware 7.0.0.8
- security access manager for web 8.0 firmware 8.0.0.2
- security access manager for web 8.0 firmware 8.0.0.3
- security access manager for web 8.0 firmware 8.0.0.5
- security gateway
- smartcloud entry appliance 2.3.0
- smartcloud entry appliance 2.4.0
- smartcloud entry appliance 3.1.0
- smartcloud entry appliance 3.2.0
- smartcloud provisioning 2.1.0
- software defined network for virtual environments
- starter kit for cloud 2.2.0
- stn6500 firmware
- stn6800 firmware
- stn7800 firmware
- storwize v3500 firmware
- storwize v3700 firmware
- storwize v5000 firmware
- storwize v7000 firmware
- studio onsite 1.3
- traffix signaling delivery controller
- traffix signaling delivery controller 3.3.2
- traffix signaling delivery controller 3.4.1
- traffix signaling delivery controller 3.5.1
- traffix signaling delivery controller 4.1.0
- ubuntu linux 10.04
- ubuntu linux 12.04
- ubuntu linux 14.04
- vcenter server appliance 5.0
- vcenter server appliance 5.1
- vcenter server appliance 5.5
- virtualization 3.4
- workload deployer
- zenworks configuration management 10.3
- zenworks configuration management 11
- zenworks configuration management 11.1
- zenworks configuration management 11.2
- zenworks configuration management 11.3.0