CVE-2014-7169

Name: CVE-2014-7169
Creator: NVD / NIST
Published: 2014-09-25T01:55:04.367+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10Actively ExploitedEPSS 99.94%

Last modified Jun 17, 2026

CVE-2014-7169 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.. CISA has confirmed active exploitation in the wild. EPSS estimates a 99.94% chance of exploitation in the next 30 days.

Description

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

99.94%

100.0th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Jul 28, 2022.

Weakness Enumeration

Affected Software

Vendor	Product	Versions	Update
Gnu	Bash	<= 4.3	—
Arista	Eos	>= 4.9.0, < 4.9.12	—
Arista	Eos	>= 4.10.0, < 4.10.9	—
Arista	Eos	>= 4.11.0, < 4.11.11	—
Arista	Eos	>= 4.12.0, < 4.12.9	—
Arista	Eos	>= 4.13.0, < 4.13.9	—
Arista	Eos	>= 4.14.0, < 4.14.4f	—
Oracle	Linux	4	—
Oracle	Linux	5	—
Oracle	Linux	6	—
Qnap	Qts	< 4.1.1	—
Qnap	Qts	4.1.1	—
Mageia	Mageia	3.0	—
Mageia	Mageia	4.0	—
Redhat	Gluster Storage Server For On-Premise	2.1	—
Redhat	Virtualization	3.4	—
Redhat	Enterprise Linux	4.0	—
Redhat	Enterprise Linux	5.0	—
Redhat	Enterprise Linux	6.0	—
Redhat	Enterprise Linux	7.0	—
Redhat	Enterprise Linux Desktop	5.0	—
Redhat	Enterprise Linux Desktop	6.0	—
Redhat	Enterprise Linux Desktop	7.0	—
Redhat	Enterprise Linux Eus	5.9	—
Redhat	Enterprise Linux Eus	6.4	—
Redhat	Enterprise Linux Eus	6.5	—
Redhat	Enterprise Linux Eus	7.3	—
Redhat	Enterprise Linux Eus	7.4	—
Redhat	Enterprise Linux Eus	7.5	—
Redhat	Enterprise Linux Eus	7.6	—
Redhat	Enterprise Linux Eus	7.7	—
Redhat	Enterprise Linux For Ibm Z Systems	5.9_s390x	—
Redhat	Enterprise Linux For Ibm Z Systems	6.4_s390x	—
Redhat	Enterprise Linux For Ibm Z Systems	6.5_s390x	—
Redhat	Enterprise Linux For Ibm Z Systems	7.3_s390x	—
Redhat	Enterprise Linux For Ibm Z Systems	7.4_s390x	—
Redhat	Enterprise Linux For Ibm Z Systems	7.5_s390x	—
Redhat	Enterprise Linux For Ibm Z Systems	7.6_s390x	—
Redhat	Enterprise Linux For Ibm Z Systems	7.7_s390x	—
Redhat	Enterprise Linux For Power Big Endian	5.0_ppc	—
Redhat	Enterprise Linux For Power Big Endian	5.9_ppc	—
Redhat	Enterprise Linux For Power Big Endian	6.0_ppc64	—
Redhat	Enterprise Linux For Power Big Endian	6.4_ppc64	—
Redhat	Enterprise Linux For Power Big Endian	7.0_ppc64	—
Redhat	Enterprise Linux For Power Big Endian Eus	6.5_ppc64	—
Redhat	Enterprise Linux For Power Big Endian Eus	7.3_ppc64	—
Redhat	Enterprise Linux For Power Big Endian Eus	7.4_ppc64	—
Redhat	Enterprise Linux For Power Big Endian Eus	7.5_ppc64	—
Redhat	Enterprise Linux For Power Big Endian Eus	7.6_ppc64	—
Redhat	Enterprise Linux For Power Big Endian Eus	7.7_ppc64	—

Showing 50 of 228 affected configurations. See NVD for the full list.

References

http://advisories.mageia.org/MGASA-2014-0393.htmlThird Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlBroken Link
http://jvn.jp/en/jp/JVN55667175/index.htmlThird Party Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126Third Party Advisory, VDB Entry
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1306.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3075.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3077.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3078.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.htmlMailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=141216207813411&w=2Mailing List
http://marc.info/?l=bugtraq&m=141216668515282&w=2Mailing List
http://marc.info/?l=bugtraq&m=141235957116749&w=2Mailing List
http://marc.info/?l=bugtraq&m=141319209015420&w=2Mailing List
http://marc.info/?l=bugtraq&m=141330425327438&w=2Mailing List
http://marc.info/?l=bugtraq&m=141330468527613&w=2Mailing List
http://marc.info/?l=bugtraq&m=141345648114150&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383026420882&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383081521087&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383138121313&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383196021590&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383244821813&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383304022067&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383353622268&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383465822787&w=2Mailing List
http://marc.info/?l=bugtraq&m=141450491804793&w=2Mailing List
http://marc.info/?l=bugtraq&m=141576728022234&w=2Mailing List
http://marc.info/?l=bugtraq&m=141577137423233&w=2Mailing List
http://marc.info/?l=bugtraq&m=141577241923505&w=2Mailing List
http://marc.info/?l=bugtraq&m=141577297623641&w=2Mailing List
http://marc.info/?l=bugtraq&m=141585637922673&w=2Mailing List
http://marc.info/?l=bugtraq&m=141694386919794&w=2Mailing List
http://marc.info/?l=bugtraq&m=141879528318582&w=2Mailing List
http://marc.info/?l=bugtraq&m=142113462216480&w=2Mailing List
http://marc.info/?l=bugtraq&m=142118135300698&w=2Mailing List
http://marc.info/?l=bugtraq&m=142358026505815&w=2Mailing List
http://marc.info/?l=bugtraq&m=142358078406056&w=2Mailing List
http://marc.info/?l=bugtraq&m=142721162228379&w=2Mailing List
http://marc.info/?l=bugtraq&m=142805027510172&w=2Mailing List
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.htmlExploit, Third Party Advisory, VDB Entry
http://rhn.redhat.com/errata/RHSA-2014-1306.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1311.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1312.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1354.htmlThird Party Advisory
http://seclists.org/fulldisclosure/2014/Oct/0Mailing List, Third Party Advisory
http://secunia.com/advisories/58200Broken Link
http://secunia.com/advisories/59272Broken Link
http://secunia.com/advisories/59737Broken Link
http://secunia.com/advisories/59907Broken Link
http://secunia.com/advisories/60024Broken Link
http://secunia.com/advisories/60034Broken Link
http://secunia.com/advisories/60044Broken Link
http://secunia.com/advisories/60055Broken Link
http://secunia.com/advisories/60063Broken Link
http://secunia.com/advisories/60193Broken Link
http://secunia.com/advisories/60325Broken Link
http://secunia.com/advisories/60433Broken Link
http://secunia.com/advisories/60947Broken Link
http://secunia.com/advisories/61065Broken Link
http://secunia.com/advisories/61128Broken Link
http://secunia.com/advisories/61129Broken Link
http://secunia.com/advisories/61188Broken Link
http://secunia.com/advisories/61283Broken Link
http://secunia.com/advisories/61287Broken Link
http://secunia.com/advisories/61291Broken Link
http://secunia.com/advisories/61312Broken Link
http://secunia.com/advisories/61313Broken Link
http://secunia.com/advisories/61328Broken Link
http://secunia.com/advisories/61442Broken Link
http://secunia.com/advisories/61471Broken Link
http://secunia.com/advisories/61479Broken Link
http://secunia.com/advisories/61485Broken Link
http://secunia.com/advisories/61503Broken Link
http://secunia.com/advisories/61550Broken Link
http://secunia.com/advisories/61552Broken Link
http://secunia.com/advisories/61565Broken Link
http://secunia.com/advisories/61603Broken Link
http://secunia.com/advisories/61618Broken Link
http://secunia.com/advisories/61619Broken Link
http://secunia.com/advisories/61622Broken Link
http://secunia.com/advisories/61626Broken Link
http://secunia.com/advisories/61633Broken Link
http://secunia.com/advisories/61641Broken Link
http://secunia.com/advisories/61643Broken Link
http://secunia.com/advisories/61654Broken Link
http://secunia.com/advisories/61676Broken Link
http://secunia.com/advisories/61700Broken Link
http://secunia.com/advisories/61703Broken Link
http://secunia.com/advisories/61711Broken Link
http://secunia.com/advisories/61715Broken Link
http://secunia.com/advisories/61780Broken Link
http://secunia.com/advisories/61816Broken Link
http://secunia.com/advisories/61855Broken Link
http://secunia.com/advisories/61857Broken Link
http://secunia.com/advisories/61873Broken Link
http://secunia.com/advisories/62228Broken Link
http://secunia.com/advisories/62312Broken Link
http://secunia.com/advisories/62343Broken Link
http://support.apple.com/kb/HT6495Third Party Advisory
http://support.novell.com/security/cve/CVE-2014-7169.htmlThird Party Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bashThird Party Advisory
http://twitter.com/taviso/statuses/514887394294652929Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685541Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685604Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685733Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685749Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685914Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21686084Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686131Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686246Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686445Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686447Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21686479Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21686494Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21687079Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315Broken Link
http://www.debian.org/security/2014/dsa-3035Mailing List, Third Party Advisory
http://www.kb.cert.org/vuls/id/252743Third Party Advisory, US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164Broken Link
http://www.novell.com/support/kb/doc.php?id=7015701Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015721Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/09/24/32Mailing List
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.htmlPatch, Third Party Advisory
http://www.qnap.com/i/en/support/con_show.php?cid=61Third Party Advisory
http://www.securityfocus.com/archive/1/533593/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-2363-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2363-2Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA14-268AThird Party Advisory, US Government Resource
http://www.vmware.com/security/advisories/VMSA-2014-0010.htmlThird Party Advisory
https://access.redhat.com/articles/1200223Third Party Advisory
https://access.redhat.com/node/1200223Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+FixesBroken Link
https://kb.bluecoat.com/index?page=content&id=SA82Broken Link
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10085Broken Link
https://support.apple.com/kb/HT6535Third Party Advisory
https://support.citrix.com/article/CTX200217Third Party Advisory
https://support.citrix.com/article/CTX200223Permissions Required
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.htmlThird Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075Broken Link
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183Broken Link
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlertsThird Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006Third Party Advisory
https://www.exploit-db.com/exploits/34879/Exploit, Third Party Advisory, VDB Entry
https://www.suse.com/support/shellshock/Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0393.htmlThird Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlBroken Link
http://jvn.jp/en/jp/JVN55667175/index.htmlThird Party Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126Third Party Advisory, VDB Entry
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1306.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3075.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3077.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3078.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.htmlMailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=141216207813411&w=2Mailing List
http://marc.info/?l=bugtraq&m=141216668515282&w=2Mailing List
http://marc.info/?l=bugtraq&m=141235957116749&w=2Mailing List
http://marc.info/?l=bugtraq&m=141319209015420&w=2Mailing List
http://marc.info/?l=bugtraq&m=141330425327438&w=2Mailing List
http://marc.info/?l=bugtraq&m=141330468527613&w=2Mailing List
http://marc.info/?l=bugtraq&m=141345648114150&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383026420882&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383081521087&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383138121313&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383196021590&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383244821813&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383304022067&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383353622268&w=2Mailing List
http://marc.info/?l=bugtraq&m=141383465822787&w=2Mailing List
http://marc.info/?l=bugtraq&m=141450491804793&w=2Mailing List
http://marc.info/?l=bugtraq&m=141576728022234&w=2Mailing List
http://marc.info/?l=bugtraq&m=141577137423233&w=2Mailing List
http://marc.info/?l=bugtraq&m=141577241923505&w=2Mailing List
http://marc.info/?l=bugtraq&m=141577297623641&w=2Mailing List
http://marc.info/?l=bugtraq&m=141585637922673&w=2Mailing List
http://marc.info/?l=bugtraq&m=141694386919794&w=2Mailing List
http://marc.info/?l=bugtraq&m=141879528318582&w=2Mailing List
http://marc.info/?l=bugtraq&m=142113462216480&w=2Mailing List
http://marc.info/?l=bugtraq&m=142118135300698&w=2Mailing List
http://marc.info/?l=bugtraq&m=142358026505815&w=2Mailing List
http://marc.info/?l=bugtraq&m=142358078406056&w=2Mailing List
http://marc.info/?l=bugtraq&m=142721162228379&w=2Mailing List
http://marc.info/?l=bugtraq&m=142805027510172&w=2Mailing List
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.htmlExploit, Third Party Advisory, VDB Entry
http://rhn.redhat.com/errata/RHSA-2014-1306.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1311.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1312.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1354.htmlThird Party Advisory
http://seclists.org/fulldisclosure/2014/Oct/0Mailing List, Third Party Advisory
http://secunia.com/advisories/58200Broken Link
http://secunia.com/advisories/59272Broken Link
http://secunia.com/advisories/59737Broken Link
http://secunia.com/advisories/59907Broken Link
http://secunia.com/advisories/60024Broken Link
http://secunia.com/advisories/60034Broken Link
http://secunia.com/advisories/60044Broken Link
http://secunia.com/advisories/60055Broken Link
http://secunia.com/advisories/60063Broken Link
http://secunia.com/advisories/60193Broken Link
http://secunia.com/advisories/60325Broken Link
http://secunia.com/advisories/60433Broken Link
http://secunia.com/advisories/60947Broken Link
http://secunia.com/advisories/61065Broken Link
http://secunia.com/advisories/61128Broken Link
http://secunia.com/advisories/61129Broken Link
http://secunia.com/advisories/61188Broken Link
http://secunia.com/advisories/61283Broken Link
http://secunia.com/advisories/61287Broken Link
http://secunia.com/advisories/61291Broken Link
http://secunia.com/advisories/61312Broken Link
http://secunia.com/advisories/61313Broken Link
http://secunia.com/advisories/61328Broken Link
http://secunia.com/advisories/61442Broken Link
http://secunia.com/advisories/61471Broken Link
http://secunia.com/advisories/61479Broken Link
http://secunia.com/advisories/61485Broken Link
http://secunia.com/advisories/61503Broken Link
http://secunia.com/advisories/61550Broken Link
http://secunia.com/advisories/61552Broken Link
http://secunia.com/advisories/61565Broken Link
http://secunia.com/advisories/61603Broken Link
http://secunia.com/advisories/61618Broken Link
http://secunia.com/advisories/61619Broken Link
http://secunia.com/advisories/61622Broken Link
http://secunia.com/advisories/61626Broken Link
http://secunia.com/advisories/61633Broken Link
http://secunia.com/advisories/61641Broken Link
http://secunia.com/advisories/61643Broken Link
http://secunia.com/advisories/61654Broken Link
http://secunia.com/advisories/61676Broken Link
http://secunia.com/advisories/61700Broken Link
http://secunia.com/advisories/61703Broken Link
http://secunia.com/advisories/61711Broken Link
http://secunia.com/advisories/61715Broken Link
http://secunia.com/advisories/61780Broken Link
http://secunia.com/advisories/61816Broken Link
http://secunia.com/advisories/61855Broken Link
http://secunia.com/advisories/61857Broken Link
http://secunia.com/advisories/61873Broken Link
http://secunia.com/advisories/62228Broken Link
http://secunia.com/advisories/62312Broken Link
http://secunia.com/advisories/62343Broken Link
http://support.apple.com/kb/HT6495Third Party Advisory
http://support.novell.com/security/cve/CVE-2014-7169.htmlThird Party Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bashThird Party Advisory
http://twitter.com/taviso/statuses/514887394294652929Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685541Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685604Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685733Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685749Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685914Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21686084Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686131Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686246Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686445Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686447Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21686479Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21686494Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21687079Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315Broken Link
http://www.debian.org/security/2014/dsa-3035Mailing List, Third Party Advisory
http://www.kb.cert.org/vuls/id/252743Third Party Advisory, US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164Broken Link
http://www.novell.com/support/kb/doc.php?id=7015701Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015721Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/09/24/32Mailing List
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.htmlPatch, Third Party Advisory
http://www.qnap.com/i/en/support/con_show.php?cid=61Third Party Advisory
http://www.securityfocus.com/archive/1/533593/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-2363-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2363-2Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA14-268AThird Party Advisory, US Government Resource
http://www.vmware.com/security/advisories/VMSA-2014-0010.htmlThird Party Advisory
https://access.redhat.com/articles/1200223Third Party Advisory
https://access.redhat.com/node/1200223Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+FixesBroken Link
https://kb.bluecoat.com/index?page=content&id=SA82Broken Link
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10085Broken Link
https://support.apple.com/kb/HT6535Third Party Advisory
https://support.citrix.com/article/CTX200217Third Party Advisory
https://support.citrix.com/article/CTX200223Permissions Required
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.htmlThird Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075Broken Link
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183Broken Link
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlertsThird Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006Third Party Advisory
https://www.exploit-db.com/exploits/34879/Exploit, Third Party Advisory, VDB Entry
https://www.suse.com/support/shellshock/Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-7169US Government Resource

Timeline

Published: Sep 25, 2014
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2014-7169?

How severe is CVE-2014-7169?

CVE-2014-7169 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 99.94% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2014-7169?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-7169?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST