CVE-2014-7169

CVE Database · CVE-2014-7169

CVE-2014-7169

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

99.94%

Published

Sep 24, 2014

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-01-28 · Due: 2022-07-28

Apply updates per vendor instructions.

Public PoC / Exploit (19)

All weaponized →

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78CWE-78

Affected Products (345)

gnu · bashvulnerable

arista · eos (up to 4.9.12)vulnerable

arista · eos (up to 4.10.9)vulnerable

arista · eos (up to 4.11.11)vulnerable

arista · eos (up to 4.12.9)vulnerable

arista · eos (up to 4.13.9)vulnerable

arista · eos (up to 4.14.4f)vulnerable