Press Releases

Ecessa Addresses GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271, CVE-2014-7169)

 

MINNEAPOLIS, Minn.—September 26, 2014— On September 25, 2014, the United States Computer Emergency Readiness Team (US-CERT) reported a critical vulnerability in the GNU Bourne Again Shell (Bash). The issue and its effect on Ecessa software have been investigated. In response, Ecessa today released updated software to mitigate risk of exploitation. You may read Ecessa’s support notice here.

Ecessa advises updating firmware to the most current revision of the version you are using for all supported hardware. The new revisions contain security updates to mitigate vulnerability from unauthenticated and authenticated sources.

Today’s releases that address the Shellshock vulnerability include:

  • 8.4.27
  • 9.2.24
  • 10.2.22
  • 10.3.13
  • 10.4.2

To update your Ecessa devices to current software , please see https://support.ecessa.com/hc/en-us/articles/200143446-How-do-I-upgrade-the-firmware-on-the-Ecessa-appliance- .

To limit access to your Ecessa devices, we recommend following security best practices, including:

  • Ensure secure passwords are used for Ecessa device access
  • Use non-standard ports
  • Limit external access to the units

For specific instructions on restricting access to Ecessa devices please see the following articles:

If you have additional questions or concerns about your Ecessa devices, please visit the Ecessa support portal at support.ecessa.com, email help@ecessa.com or call us toll free at 1.800.669.6242 x2.

 

Press Contact:

Tina Plant
tplant@ecessa.com
763-951-8936

What’s coming up next? Plenty! Visit again in the near future to see what exciting new releases Your WAN Experts are innovating.

Contact, Connect, Continue

Let our team of experts find the right solution for you. Fill out our simple form and we’ll take it from there.