Is PowerChute Network Shutdown version 3.1 Virtual Appliance for VMware vulnerable to BASH injection (Shellshock) issue?
Issue:
PowerChute Network Shutdown version 3.1 Virtual Appliance for VMware is vulnerable to BASH injection (Shellshock) issue.
Product:
PowerChute Network Shutdown Version 3.1 Virtual Appliance
Environment:
VMware
Cause:
BASH vulnerability
There is an easy test to determine the appliance is vulnerable. To check, from the command line type:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If vulnerable, the output will be:
vulnerable
this is a test
Solution:
It is recommended to uninstall PowerChute Network Shutdown Version 3.1 Virtual Appliance and install PowerChute Network Shutdown Virtual Appliance Version 4.x