Cisco NX-OS GNU Bash Environment Variable Command Injection Vulnerability (cisco-sa-20140926-bash) (Shellshock)
Critical Nessus Plugin ID 78693
SynopsisThe remote device is running a version of NX-OS that is affected by Shellshock.
DescriptionAccording to its self-reported version, the remote NX-OS device is affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.
SolutionUpgrade to the suggested fixed version referred to in the relevant Cisco bug ID. Note that some fixed versions have not been released yet. Please contact the vendor for details.