Cisco Wireless: MSE Patch for Bash Code Injection Vulnerability , aka Shellshock [(CVE-2014-6271, CVE-2014-7169]

Wireless 1 Minute
  1. Download the patch from Cisco.com2014_10_24_13_37_52_Cisco_Systems
  2. Backup the MSE via cisco prime. Refer to my post step 12 and 13

    Cisco Wireless: Upgrading MSE from v7.5 to v8.0 via Cisco Prime

  3. SSH to the MSE
  4. Stop the MSE software2014_10_24_13_43_25_MSE_NMDCBPMSE100_172.20.74.188_SecureCRT
  5.  Copy the downloaded file, mse-bash-patch.zip to the /tmp directory on MSE2014_10_24_15_01_18_MSE_8.0_Upgrade_mrn_cciew
  6.  Login to the MSE as root and navigate to /tmp directory2014_10_24_15_04_07_MSE_NMDCBPMSE100_172.20.74.188_SecureCRT
  7. Unzip the files 2014_10_24_15_06_24_MSE_NMDCBPMSE100_172.20.74.188_SecureCRT
  8. Perform patch2014_10_24_15_09_19_MSE_NMDCBPMSE100_172.20.74.188_SecureCRT
  9. Start MSE 2014_10_24_15_14_10_MSE_NMDCBPMSE100_172.20.74.188_SecureCRT
  10. Verify MSE status from 2014_10_24_15_19_18_Cisco_Prime_Infrastructure_All_Servers_172.20.74.187

And that is all 🙂

Reference

  1. GNU Bash Environment Variable Command Injection Vulnerability

Published by CyberSecFaith

Published

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s