Is our Cisco routers secure/patched from "Shellshock Bash Exploit"
Currently the DPC3825 is vulnerable.
Cisco Wireless Residential Gateway Remote Code Execution Vulnerability
That being said, exposure is pretty low, as the modem has to be serving *something* that a remote attacker can exploit. Currently most exploits attack SSH and HTTP/CGI. Neither of these services are available on the modem. There is a small possibility that the HTTP server could be exploited, if the attacker got on your internal network, and if you have enabled the VPN or L2TP servers, that might provide another vector (this time remotely exploitable) but all these (HTTP/VPN/L2TP) attacks would have to be quite targeted and specialized and be utilizing another bug to reach the bash shell.
We are working with Cisco to obtain a patched firmware to deploy.
Rest assured that our technicians will (or more likely, have) run tests on all of our Unix-based servers to test for this. It will only affect Unix-based systems, not individual routers.
There is a great page at What is the Shellshock Bash bug and why does it matter? that includes a quick test to run if you are vulnerable on your Mac or Linux computer.
But there’s a problem: Bash is so widespread, and installed on so many devices—such as cable modems, routers, and other devices with embedded Linux operating systems
Hope they are quickly cheching
Except stuff like Shaw's modem/router combo units, I would say they are likely not vurnable, due to not being able to get to the bash shell
Are you aware of any such bug that could be used to reach the shell?
I am not aware of any.
Had to try
Retrieving data ...