A major high severity vulnerability, CVE-2014-6271, has been spreading quickly and impacting a wide range of businesses! The vulnerability, also known as “bash,” involves a UNIX type command shell that’s included in most distributions of Apple OS X and Linux. So how does the vulnerability work? An attacker is able to exploit the vulnerability, then create environment variables that include malicious code.
The vulnerability is dangerous due to the ease of exploitation. What does ease of exploitation mean? Well, in the simplest terms, an attacker can:
- Gain access to sensitive information.
- Manipulate or steal business data.
- Remotely execute code to disrupt operations.
In addition, the vulnerability presents a fairly unique risk to businesses. Why? There’s a lot of targets – from web servers to software that uses the bash interpreter, the vulnerability can be exploited at any moment. Over the past few days, researchers have been looking into the vulnerability to determine whether or not other interpreters, such as JSP, PHP, Perl, or Python, are affected as well.
Sometimes, an interpreter uses bash to execute specific functions, and as a result, other interpreters could also be used to exploit the vulnerability. Ultimately, the impact is high because a wide range of embedded devices, including routers, wireless access points, and home appliances, use CGI scripts.
We are working hard to learn more about this “Bash” bug and will post additional information on our blog when we learn more.
Feeling concerned about the vulnerability? To learn more, or to schedule a no-obligation security assessment, give us a call or send us an email. We are here to help you reduce the risk of an attack.
My passion is to make my mark on the world in a positive and lasting way. I want to set an example for my son that his father can compete with integrity in today’s world, be very successful, and leave the world a better place for him.
Combining my technical/business-based education with a long career steadily progressing up the corporate ladder, I decided to build a company that held true to my values. So, I founded and designed the next generation of IT support firm: CTECH Consulting Group Inc. We are a completely automated, cloud-based IT company designed to compete against any other IT firm without the overhead. We promote a lifestyle to all our staff where they can work anywhere, at any time, access any information on any device that is relevant to their job, and collaborate with anyone they want to.