GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Published 2014-09-24 18:48:04
Updated 2021-11-17 22:15:36
View at NVD,   CVE.org
Vulnerability category: Execute code

CVE-2014-6271 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.
Added on 2022-01-28 Action due date 2022-07-28

Exploit prediction scoring system (EPSS) score for CVE-2014-6271

Probability of exploitation activity in the next 30 days: 97.56%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2014-6271

  • Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
    Disclosure Date: 2014-09-24
    First seen: 2020-04-26
    exploit/multi/http/apache_mod_cgi_bash_env_exec
    This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition.
  • CUPS Filter Bash Environment Variable Code Injection (Shellshock)
    Disclosure Date: 2014-09-24
    First seen: 2020-04-26
    exploit/multi/http/cups_bash_env_exec
    This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables. A valid username and password is required to exploit this
  • Advantech Switch Bash Environment Variable Code Injection (Shellshock)
    Disclosure Date: 2015-12-01
    First seen: 2020-04-26
    exploit/linux/http/advantech_switch_bash_env_exec
    This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the 'ping.sh' CGI script, accessible through the Boa web server on Advantech switches. This module was tested against firmware
  • IPFire Bash Environment Variable Injection (Shellshock)
    Disclosure Date: 2014-09-29
    First seen: 2020-04-26
    exploit/linux/http/ipfire_bashbug_exec
    IPFire, a free linux based open source firewall distribution, version <= 2.15 Update Core 82 contains an authenticated remote command execution vulnerability via shellshock in the request headers. Authors: - h00die <mike@stcyrsecurity.com> - Claudio Vivian
  • Dhclient Bash Environment Variable Injection (Shellshock)
    Disclosure Date: 2014-09-24
    First seen: 2020-04-26
    exploit/unix/dhcp/bash_environment
    This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configurati
  • Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
    Disclosure Date: 2014-09-24
    First seen: 2020-04-26
    auxiliary/scanner/http/apache_mod_cgi_bash_env
    This module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition.
  • Pure-FTPd External Authentication Bash Environment Variable Code Injection (Shellshock)
    Disclosure Date: 2014-09-24
    First seen: 2020-04-26
    exploit/multi/ftp/pureftpd_bash_env_exec
    This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the Pure-FTPd FTP server when it has been compiled with the --with-extauth flag and an external Bash script is used for authent
  • OS X VMWare Fusion Privilege Escalation via Bash Environment Code Injection (Shellshock)
    Disclosure Date: 2014-09-24
    First seen: 2020-04-26
    exploit/osx/local/vmware_bash_function_root
    This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the VMWare Fusion application, allowing an unprivileged local user to get root access. Authors: - Stephane Chazelas - juken
  • Qmail SMTP Bash Environment Variable Injection (Shellshock)
    Disclosure Date: 2014-09-24
    First seen: 2020-04-26
    exploit/unix/smtp/qmail_bash_env_exec
    This module exploits a shellshock vulnerability on Qmail, a public domain MTA written in C that runs on Unix systems. Due to the lack of validation on the MAIL FROM field, it is possible to execute shell code on a system with a vulnerable BASH (Shellshock). T
  • DHCP Client Bash Environment Variable Code Injection (Shellshock)
    Disclosure Date: 2014-09-24
    First seen: 2020-04-26
    auxiliary/server/dhclient_bash_env
    This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configurati

CVSS scores for CVE-2014-6271

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
10.0
HIGH AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
NIST
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST

CWE ids for CVE-2014-6271

References for CVE-2014-6271

Products affected by CVE-2014-6271

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!