MINNEAPOLIS, Minn.—September 26, 2014— On September 25, 2014, the United States Computer Emergency Readiness Team (US-CERT) reported a critical vulnerability in the GNU Bourne Again Shell (Bash). The issue and its effect on Ecessa software have been investigated. In response, Ecessa today released updated software to mitigate risk of exploitation. You may read Ecessa’s support notice here.
Ecessa advises updating firmware to the most current revision of the version you are using for all supported hardware. The new revisions contain security updates to mitigate vulnerability from unauthenticated and authenticated sources.
Today’s releases that address the Shellshock vulnerability include:
- 8.4.27
- 9.2.24
- 10.2.22
- 10.3.13
- 10.4.2
To update your Ecessa devices to current software , please see https://support.ecessa.com/hc/en-us/articles/200143446-How-do-I-upgrade-the-firmware-on-the-Ecessa-appliance- .
To limit access to your Ecessa devices, we recommend following security best practices, including:
- Ensure secure passwords are used for Ecessa device access
- Use non-standard ports
- Limit external access to the units
For specific instructions on restricting access to Ecessa devices please see the following articles:
- Limiting access using Management Access Lists – https://support.ecessa.com/hc/en-us/articles/200437253-How-do-I-limit-management-access-to-the-Ecessa-appliance-
- Configuring access to services – https://support.ecessa.com/hc/en-us/articles/200144096-Configure-Services
If you have additional questions or concerns about your Ecessa devices, please visit the Ecessa support portal at support.ecessa.com, email help@ecessa.com or call us toll free at 1.800.669.6242 x2.
Press Contact:
Tina Plant
tplant@ecessa.com
763-951-8936