Bash Vulnerability: CVE-2014-6271 (aka: Shellshock)
October 6th, 2014

When the BASH vulnerability, better known as Shellshock, was announced on Sept. 24th by US-CERT, ICSA Labs started examining all of the certified products that were determined to be potentially vulnerable. Of the 43 products or product families (representing a total of over 250 products) examined, ICSA Labs found that 50% of the products were not vulnerable, and 25% of the products that were potentially vulnerable had patches released by the vendors very quickly to address the issue. With respect to the remaining 25% of products, ICSA Labs is still working to determine whether a vulnerability does or does not exist. Several of these vendors have been unresponsive, and if they do not respond to ICSA Labs inquiries, these products could be potentially decertified.

Updates to follow when warranted.