CVE-2014-7169
RCE CISA KEV ActiveTitle: F5 Big-Ip Application Security Manager RCE
RCE
Proof Of Concept
PoC Available for CVE-2014-7169
CWE Category
CWE-78
Published Date
Sep 25, 2014
Modified Date
Apr 22, 2026
Exploit Status
Available
Score
9.8
CVSS v3.1
Exploit Probability (EPSS)
89.06%
Vulnerability Summary
CVE-2014-7169: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
Impacted Vendors
Reference Links
http://advisories.mageia.org/MGASA-2014-0393.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
http://jvn.jp/en/jp/JVN55667175/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html
http://linux.oracle.com/errata/ELSA-2014-1306.html
http://linux.oracle.com/errata/ELSA-2014-3075.html
http://linux.oracle.com/errata/ELSA-2014-3077.html
http://linux.oracle.com/errata/ELSA-2014-3078.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
http://marc.info/?l=bugtraq&m=141216207813411&w=2
http://marc.info/?l=bugtraq&m=141216668515282&w=2
http://marc.info/?l=bugtraq&m=141235957116749&w=2
http://marc.info/?l=bugtraq&m=141319209015420&w=2
http://marc.info/?l=bugtraq&m=141330425327438&w=2
http://marc.info/?l=bugtraq&m=141330468527613&w=2
http://marc.info/?l=bugtraq&m=141345648114150&w=2
http://marc.info/?l=bugtraq&m=141383026420882&w=2
http://marc.info/?l=bugtraq&m=141383081521087&w=2
http://marc.info/?l=bugtraq&m=141383138121313&w=2
http://marc.info/?l=bugtraq&m=141383196021590&w=2
http://marc.info/?l=bugtraq&m=141383244821813&w=2
http://marc.info/?l=bugtraq&m=141383304022067&w=2
http://marc.info/?l=bugtraq&m=141383353622268&w=2
http://marc.info/?l=bugtraq&m=141383465822787&w=2
http://marc.info/?l=bugtraq&m=141450491804793&w=2
http://marc.info/?l=bugtraq&m=141576728022234&w=2
http://marc.info/?l=bugtraq&m=141577137423233&w=2
http://marc.info/?l=bugtraq&m=141577241923505&w=2
http://marc.info/?l=bugtraq&m=141577297623641&w=2
http://marc.info/?l=bugtraq&m=141585637922673&w=2
http://marc.info/?l=bugtraq&m=141694386919794&w=2
http://marc.info/?l=bugtraq&m=141879528318582&w=2
http://marc.info/?l=bugtraq&m=142113462216480&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://marc.info/?l=bugtraq&m=142358026505815&w=2
http://marc.info/?l=bugtraq&m=142358078406056&w=2
http://marc.info/?l=bugtraq&m=142721162228379&w=2
http://marc.info/?l=bugtraq&m=142805027510172&w=2
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
http://rhn.redhat.com/errata/RHSA-2014-1306.html
http://rhn.redhat.com/errata/RHSA-2014-1311.html
http://rhn.redhat.com/errata/RHSA-2014-1312.html
http://rhn.redhat.com/errata/RHSA-2014-1354.html
http://seclists.org/fulldisclosure/2014/Oct/0
http://secunia.com/advisories/58200
http://secunia.com/advisories/59272
http://secunia.com/advisories/59737
http://secunia.com/advisories/59907
http://secunia.com/advisories/60024
http://secunia.com/advisories/60034
http://secunia.com/advisories/60044
http://secunia.com/advisories/60055
http://secunia.com/advisories/60063
http://secunia.com/advisories/60193
http://secunia.com/advisories/60325
http://secunia.com/advisories/60433
http://secunia.com/advisories/60947
http://secunia.com/advisories/61065
http://secunia.com/advisories/61128
http://secunia.com/advisories/61129
http://secunia.com/advisories/61188
http://secunia.com/advisories/61283
http://secunia.com/advisories/61287
http://secunia.com/advisories/61291
http://secunia.com/advisories/61312
http://secunia.com/advisories/61313
http://secunia.com/advisories/61328
http://secunia.com/advisories/61442
http://secunia.com/advisories/61471
http://secunia.com/advisories/61479
http://secunia.com/advisories/61485
http://secunia.com/advisories/61503
http://secunia.com/advisories/61550
http://secunia.com/advisories/61552
http://secunia.com/advisories/61565
http://secunia.com/advisories/61603
http://secunia.com/advisories/61618
http://secunia.com/advisories/61619
http://secunia.com/advisories/61622
http://secunia.com/advisories/61626
http://secunia.com/advisories/61633
http://secunia.com/advisories/61641
http://secunia.com/advisories/61643
http://secunia.com/advisories/61654
http://secunia.com/advisories/61676
http://secunia.com/advisories/61700
http://secunia.com/advisories/61703
http://secunia.com/advisories/61711
http://secunia.com/advisories/61715
http://secunia.com/advisories/61780
http://secunia.com/advisories/61816
http://secunia.com/advisories/61855
http://secunia.com/advisories/61857
http://secunia.com/advisories/61873
http://secunia.com/advisories/62228
http://secunia.com/advisories/62312
http://secunia.com/advisories/62343
http://support.apple.com/kb/HT6495
http://support.novell.com/security/cve/CVE-2014-7169.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
http://twitter.com/taviso/statuses/514887394294652929
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
http://www-01.ibm.com/support/docview.wss?uid=swg21685541
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
http://www-01.ibm.com/support/docview.wss?uid=swg21686084
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
http://www-01.ibm.com/support/docview.wss?uid=swg21686447
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
http://www.debian.org/security/2014/dsa-3035
http://www.kb.cert.org/vuls/id/252743
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164
http://www.novell.com/support/kb/doc.php?id=7015701
http://www.novell.com/support/kb/doc.php?id=7015721
http://www.openwall.com/lists/oss-security/2014/09/24/32
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
http://www.qnap.com/i/en/support/con_show.php?cid=61
http://www.securityfocus.com/archive/1/533593/100/0/threaded
http://www.ubuntu.com/usn/USN-2363-1
http://www.ubuntu.com/usn/USN-2363-2
http://www.us-cert.gov/ncas/alerts/TA14-268A
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
https://access.redhat.com/articles/1200223
https://access.redhat.com/node/1200223
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
https://kb.bluecoat.com/index?page=content&id=SA82
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
https://support.apple.com/kb/HT6535
https://support.citrix.com/article/CTX200217
https://support.citrix.com/article/CTX200223
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006
https://www.exploit-db.com/exploits/34879/
https://www.suse.com/support/shellshock/
http://advisories.mageia.org/MGASA-2014-0393.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
http://jvn.jp/en/jp/JVN55667175/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html
http://linux.oracle.com/errata/ELSA-2014-1306.html
http://linux.oracle.com/errata/ELSA-2014-3075.html
http://linux.oracle.com/errata/ELSA-2014-3077.html
http://linux.oracle.com/errata/ELSA-2014-3078.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
http://marc.info/?l=bugtraq&m=141216207813411&w=2
http://marc.info/?l=bugtraq&m=141216668515282&w=2
http://marc.info/?l=bugtraq&m=141235957116749&w=2
http://marc.info/?l=bugtraq&m=141319209015420&w=2
http://marc.info/?l=bugtraq&m=141330425327438&w=2
http://marc.info/?l=bugtraq&m=141330468527613&w=2
http://marc.info/?l=bugtraq&m=141345648114150&w=2
http://marc.info/?l=bugtraq&m=141383026420882&w=2
http://marc.info/?l=bugtraq&m=141383081521087&w=2
http://marc.info/?l=bugtraq&m=141383138121313&w=2
http://marc.info/?l=bugtraq&m=141383196021590&w=2
http://marc.info/?l=bugtraq&m=141383244821813&w=2
http://marc.info/?l=bugtraq&m=141383304022067&w=2
http://marc.info/?l=bugtraq&m=141383353622268&w=2
http://marc.info/?l=bugtraq&m=141383465822787&w=2
http://marc.info/?l=bugtraq&m=141450491804793&w=2
http://marc.info/?l=bugtraq&m=141576728022234&w=2
http://marc.info/?l=bugtraq&m=141577137423233&w=2
http://marc.info/?l=bugtraq&m=141577241923505&w=2
http://marc.info/?l=bugtraq&m=141577297623641&w=2
http://marc.info/?l=bugtraq&m=141585637922673&w=2
http://marc.info/?l=bugtraq&m=141694386919794&w=2
http://marc.info/?l=bugtraq&m=141879528318582&w=2
http://marc.info/?l=bugtraq&m=142113462216480&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://marc.info/?l=bugtraq&m=142358026505815&w=2
http://marc.info/?l=bugtraq&m=142358078406056&w=2
http://marc.info/?l=bugtraq&m=142721162228379&w=2
http://marc.info/?l=bugtraq&m=142805027510172&w=2
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
http://rhn.redhat.com/errata/RHSA-2014-1306.html
http://rhn.redhat.com/errata/RHSA-2014-1311.html
http://rhn.redhat.com/errata/RHSA-2014-1312.html
http://rhn.redhat.com/errata/RHSA-2014-1354.html
http://seclists.org/fulldisclosure/2014/Oct/0
http://secunia.com/advisories/58200
http://secunia.com/advisories/59272
http://secunia.com/advisories/59737
http://secunia.com/advisories/59907
http://secunia.com/advisories/60024
http://secunia.com/advisories/60034
http://secunia.com/advisories/60044
http://secunia.com/advisories/60055
http://secunia.com/advisories/60063
http://secunia.com/advisories/60193
http://secunia.com/advisories/60325
http://secunia.com/advisories/60433
http://secunia.com/advisories/60947
http://secunia.com/advisories/61065
http://secunia.com/advisories/61128
http://secunia.com/advisories/61129
http://secunia.com/advisories/61188
http://secunia.com/advisories/61283
http://secunia.com/advisories/61287
http://secunia.com/advisories/61291
http://secunia.com/advisories/61312
http://secunia.com/advisories/61313
http://secunia.com/advisories/61328
http://secunia.com/advisories/61442
http://secunia.com/advisories/61471
http://secunia.com/advisories/61479
http://secunia.com/advisories/61485
http://secunia.com/advisories/61503
http://secunia.com/advisories/61550
http://secunia.com/advisories/61552
http://secunia.com/advisories/61565
http://secunia.com/advisories/61603
http://secunia.com/advisories/61618
http://secunia.com/advisories/61619
http://secunia.com/advisories/61622
http://secunia.com/advisories/61626
http://secunia.com/advisories/61633
http://secunia.com/advisories/61641
http://secunia.com/advisories/61643
http://secunia.com/advisories/61654
http://secunia.com/advisories/61676
http://secunia.com/advisories/61700
http://secunia.com/advisories/61703
http://secunia.com/advisories/61711
http://secunia.com/advisories/61715
http://secunia.com/advisories/61780
http://secunia.com/advisories/61816
http://secunia.com/advisories/61855
http://secunia.com/advisories/61857
http://secunia.com/advisories/61873
http://secunia.com/advisories/62228
http://secunia.com/advisories/62312
http://secunia.com/advisories/62343
http://support.apple.com/kb/HT6495
http://support.novell.com/security/cve/CVE-2014-7169.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
http://twitter.com/taviso/statuses/514887394294652929
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
http://www-01.ibm.com/support/docview.wss?uid=swg21685541
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
http://www-01.ibm.com/support/docview.wss?uid=swg21686084
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
http://www-01.ibm.com/support/docview.wss?uid=swg21686447
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
http://www.debian.org/security/2014/dsa-3035
http://www.kb.cert.org/vuls/id/252743
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164
http://www.novell.com/support/kb/doc.php?id=7015701
http://www.novell.com/support/kb/doc.php?id=7015721
http://www.openwall.com/lists/oss-security/2014/09/24/32
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
http://www.qnap.com/i/en/support/con_show.php?cid=61
http://www.securityfocus.com/archive/1/533593/100/0/threaded
http://www.ubuntu.com/usn/USN-2363-1
http://www.ubuntu.com/usn/USN-2363-2
http://www.us-cert.gov/ncas/alerts/TA14-268A
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
https://access.redhat.com/articles/1200223
https://access.redhat.com/node/1200223
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
https://kb.bluecoat.com/index?page=content&id=SA82
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
https://support.apple.com/kb/HT6535
https://support.citrix.com/article/CTX200217
https://support.citrix.com/article/CTX200223
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006
https://www.exploit-db.com/exploits/34879/
https://www.suse.com/support/shellshock/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-7169
CVSS v3.1
Source Entity
[email protected]
Severity
CRITICAL
9.8
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v3.1
Source Entity
134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity
CRITICAL
9.8
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
Source Entity
[email protected]
Severity
HIGH
10.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:L/Au:N/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2014-7169 Exploits & PoCs (Proof Of Concept)
Exploit-DB
https://www.exploit-db.com/exploits/34777
Exploit-DB
https://www.exploit-db.com/exploits/34895
Exploit-DB
https://www.exploit-db.com/exploits/34839
Exploit-DB
https://www.exploit-db.com/exploits/36503
Exploit-DB
https://www.exploit-db.com/exploits/36504
Exploit-DB
https://www.exploit-db.com/exploits/34766
Exploit-DB
https://www.exploit-db.com/exploits/35115
Exploit-DB
https://www.exploit-db.com/exploits/36933
Exploit-DB
https://www.exploit-db.com/exploits/34765
Exploit-DB
https://www.exploit-db.com/exploits/34860
Exploit-DB
https://www.exploit-db.com/exploits/34879
Exploit-DB
https://www.exploit-db.com/exploits/34896
Exploit-DB
https://www.exploit-db.com/exploits/34862
Exploit-DB
https://www.exploit-db.com/exploits/36609
Exploit-DB
https://www.exploit-db.com/exploits/35146
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
CVSS Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Stack
No specific products linked.