Mallory
Critical · CISA KEV · Exploited in the wild · Public exploit

Shellshock incomplete fix in GNU Bash

Identifiers: CVE-2014-7169, CWE-78 · Improper Neutralization of Special…

GNU Bash through 4.3 bash43-025 incorrectly processes trailing strings that follow certain malformed exported function definitions in environment variable values. This issue exists because the original fix for CVE-2014-6271 was incomplete. When Bash is invoked in a context where an attacker can influence environment variables across a privilege or trust boundary, the malformed function definition plus trailing payload can be interpreted in a way that results in unintended command execution or file creation/write side effects. Documented attack surfaces include OpenSSH sshd configurations using ForceCommand, Apache HTTP Server mod_cgi and mod_cgid, DHCP client script execution paths, and similar situations where externally influenced environment data is passed to Bash.

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can allow remote attackers to execute arbitrary commands with the privileges of the invoking application or service. The vulnerability may also permit writing to files, and can therefore lead to full compromise of confidentiality, integrity, and availability depending on the exposed service and execution context. In practical deployments, exploitation against CGI, SSH ForceCommand, or DHCP-related paths can yield remote code execution, persistence via file writes, service disruption, and follow-on lateral movement.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce or eliminate exposure of services that pass attacker-controlled environment variables to Bash. Disable or restrict CGI scripts that invoke Bash, review Apache mod_cgi/mod_cgid usage, restrict or harden OpenSSH ForceCommand deployments, limit DHCP client script exposure, and segment or firewall vulnerable systems from untrusted networks. Monitor for exploitation attempts involving crafted function-definition environment variables and unusual file creation by Bash-invoking services. These measures are temporary and do not replace patching.
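
One way to do the monitoring described above on the Apache mod_cgi/mod_cgid surface, as an added example (not Mallory's or any vendor's detection rule): scan combined-format access logs for the exported-function prefix `() {` in the request line, Referer and User-Agent, which are the fields the server hands to CGI scripts as environment variables. The log lines are constructed, and the regexes and function names are assumptions of this example.

```python
import re

# Combined log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)
# Bash treated environment values beginning with "() {" as function
# definitions. Matching anywhere in the field, with optional whitespace,
# is deliberately looser than Bash's own check: more noise, fewer misses.
FUNC_DEF = re.compile(r'\(\)\s*\{')

def scan(lines):
    """Return one finding per log field that carries the marker."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = COMBINED.match(line)
        # Lines that do not parse are searched whole so nothing is skipped.
        fields = m.groupdict() if m else {"raw": line}
        for name in ("request", "referer", "agent", "raw"):
            value = fields.get(name)
            if value and FUNC_DEF.search(value):
                findings.append({"line": lineno, "field": name,
                                 "host": fields.get("host", "?"),
                                 "status": fields.get("status", "?")})
    return findings

# Constructed sample lines (documentation IP ranges, payloads redacted).
SAMPLE = [
    '192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 41 "-" "() { <redacted>"',
    '198.51.100.7 - - [25/Sep/2014:10:01:11 +0000] "GET /cgi-bin/status HTTP/1.1" 500 0 "() {<redacted>" "curl/7.30"',
    'truncated line with () { marker and no quotes',
    '203.0.113.4 - - [25/Sep/2014:10:02:00 +0000] "GET /js/app.js?cb=f() HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f['line']}: marker in {f['field']} "
              f"from {f['host']} (status {f['status']})")
```

A hit with a 200 status on a CGI path is the one to triage first, since it means the request reached the script rather than being rejected upstream.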

Remediation

Patch, then assume compromise.

Upgrade GNU Bash to a version containing the complete fix for CVE-2014-7169, specifically the upstream bash43-026 patch level or later, and preferably a vendor-maintained package that addresses the full Shellshock vulnerability set. Apply all relevant operating system and appliance vendor updates rather than patching only CVE-2014-6271. After updating, validate the installed Bash package version and test against known Shellshock/CVE-2014-7169 proof cases to confirm the incomplete fix has been removed.
PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 14 candidates as fakes, detection scripts, or README-only repos.

VALID 0 / 14 TOTAL

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability.

| Vendor | Product | Type |
|---|---|---|
| Amazon Web Services | Amazon Linux Ami | operating_system |
| Apple | Mac Os X | operating_system |
| Arista Networks | Eos | operating_system |
| Broadcom | Esx | application |
| Broadcom | Vcenter Server Appliance | application |
| Canonical | Ubuntu Linux | application |
| Canonical | Ubuntu Server | operating_system |
| Check Point Software Technologies | Security Gateway | application |
| Citrix Systems | Netscaler Sdx Firmware | operating_system |
| Debian | Debian Linux | operating_system |
| F5 | Arx Firmware | operating_system |
| F5 | Big-Ip Access Policy Manager | application |
| F5 | Big-Ip Advanced Firewall Manager | application |
| F5 | Big-Ip Analytics | application |
| F5 | Big-Ip Application Acceleration Manager | application |
| F5 | Big-Ip Application Security Manager | application |
| F5 | Big-Ip Edge Gateway | application |
| F5 | Big-Ip Global Traffic Manager | application |
| F5 | Big-Ip Link Controller | application |
| F5 | Big-Ip Local Traffic Manager | application |
| F5 | Big-Ip Policy Enforcement Manager | application |
| F5 | Big-Ip Protocol Security Module | application |
| F5 | Big-Ip Wan Optimization Manager | application |
| F5 | Big-Ip Webaccelerator | application |
| F5 | Big-Iq Cloud | application |
| F5 | Big-Iq Device | application |
| F5 | Big-Iq Security | application |
| F5 | Enterprise Manager | hardware |
| F5 | Traffix Signaling Delivery Controller | application |
| GNU Project | Bash | application |
| International Business Machines | Flex System V7000 Firmware | operating_system |
| International Business Machines | Infosphere Guardium Database Activity Monitoring | application |
| International Business Machines | Pureapplication System | application |
| International Business Machines | Qradar Risk Manager | application |
| International Business Machines | Qradar Security Information And Event Manager | application |
| International Business Machines | Qradar Vulnerability Manager | application |
| International Business Machines | San Volume Controller Firmware | operating_system |
| International Business Machines | Security Access Manager For Mobile 8.0 Firmware | operating_system |
| International Business Machines | Security Access Manager For Web 7.0 Firmware | operating_system |
| International Business Machines | Security Access Manager For Web 8.0 Firmware | operating_system |
| International Business Machines | Smartcloud Entry Appliance | application |
| International Business Machines | Smartcloud Provisioning | application |
| International Business Machines | Software Defined Network For Virtual Environments | application |
| International Business Machines | Starter Kit For Cloud | application |
| International Business Machines | Stn6500 Firmware | operating_system |
| International Business Machines | Stn6800 Firmware | operating_system |
| International Business Machines | Stn7800 Firmware | operating_system |
| International Business Machines | Storwize V3500 Firmware | operating_system |
| International Business Machines | Storwize V3700 Firmware | operating_system |
| International Business Machines | Storwize V5000 Firmware | operating_system |
| International Business Machines | Storwize V7000 Firmware | operating_system |
| International Business Machines | Workload Deployer | application |
| Mageia | Mageia | operating_system |
| Novell | Open Enterprise Server | application |
| Novell | Zenworks Configuration Management | application |
| Opensuse | Opensuse | operating_system |
| Oracle | Linux | operating_system |
| QNAP Systems | Qts | operating_system |
| Red Hat | Enterprise Linux | operating_system |
| Red Hat | Enterprise Linux Desktop | operating_system |
| Red Hat | Enterprise Linux Eus | operating_system |
| Red Hat | Enterprise Linux For Ibm Z Systems | operating_system |
| Red Hat | Enterprise Linux For Power Big Endian | operating_system |
| Red Hat | Enterprise Linux For Power Big Endian Eus | operating_system |
| Red Hat | Enterprise Linux For Scientific Computing | operating_system |
| Red Hat | Enterprise Linux Server | operating_system |
| Red Hat | Enterprise Linux Server Aus | operating_system |
| Red Hat | Enterprise Linux Server From Rhui | operating_system |
| Red Hat | Enterprise Linux Server Tus | operating_system |
| Red Hat | Enterprise Linux Workstation | operating_system |
| Red Hat | Gluster Storage Server For On-Premise | application |
| Red Hat | Red Hat Enterprise Linux | operating_system |
| Red Hat | Virtualization | application |
| Suse | Linux Enterprise Desktop | operating_system |
| Suse | Linux Enterprise Server | operating_system |
| Suse | Linux Enterprise Software Development Kit | operating_system |
| Suse | Studio Onsite | application |
| Suse | Suse Linux Enterprise Server | operating_system |

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
