New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 9.6
Synopsis
The remote SIP server uses scripts that allow remote command execution via Shellshock.
Description
The remote host appears to be running SIP. SIP itself is not vulnerable to Shellshock; however, any Bash script that SIP runs for filtering or other routing tasks could potentially be affected if the script exports an environmental variable from the content or headers of a SIP message.
A negative result from this plugin does not prove conclusively that the remote system is not affected by Shellshock, only that any scripts the SIP proxy may be running do not create the conditions that are exploitable via the Shellshock flaw.
Solution
Apply the referenced Bash patch or remove the affected SIP scripts / modules.