Current Security Bulletin 09-2014: Shellshock Bug

Threat for Videoconferencing Systems And Infrastructure

Shellshock logo
29.09.2014 -

The current security warning on the "Shellshock bug" or "Bash gap" (CVE-2014-6271) specifically refers to Linux-based servers and devices that are configured using a web server: attackers may exploit a vulnerability in the Unix Shell to execute external code even in secured systems. The thread occurs, when configuration changes are made to vulnerable systems. Relevance to videoconferencing systems and infrastructure has been confirmed by renowned manufacturers.

A detailed analysis and list of affected systems is currently being setup. We will keep you informed, and strongly recommend to use only the latest firmware and software versions.

Update 2014|10|08:

Avaya: A part of systems are vulnerable
Avaya statement to Shell Shock Bug and the list of affected Products


StarLeaf: Systems are not vulnerable
StarLeaf statement to Shell Shock Bug


Update 2014|09|30:

Cisco: A part of systems are vulnerable
Cisco statement to Shell Shock Bug and the list of affected Products

LifeSize: Systems are not vulnerable
Lifesize statement to Shell Shock Bug

Polycom: Systems are not vulnerable
Polycom statement to Shell Shock Bug

For hazard information or safeguarding instructions, please contact our Customer Service at 040 - 80 81 81 121 or service@dekom.com.