HiveOS & Bash Vulnerability

  • 3
  • Question
  • Updated 4 years ago
  • Answered
Can Aerohive comment on whether the bash vulnerability unearthed yesterday is able to affect HiveOS?
Photo of Steven Bateman

Steven Bateman

  • 65 Posts
  • 12 Reply Likes

Posted 4 years ago

  • 3
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Steve,
We are working on a PSA encompassing all of our products, once it is approved it will be posted in http://www.aerohive.com/support/security-center/security-bulletins

Answering your specific question, HiveOS is not vulnerable, it does not use Bash. 
Photo of Steven Bateman

Steven Bateman

  • 65 Posts
  • 12 Reply Likes
Good to hear, thanks!
Photo of Michael

Michael

  • 3 Posts
  • 1 Reply Like
Will aerohive comment further on the fix for CVE-2014-6271 potentially exposing CVE-2014-7169?
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Photo of Michael

Michael

  • 3 Posts
  • 1 Reply Like
Yes, no mention of CVE-2014-7169 - caused by the common fix for CVE-2014-6271
Photo of Nick Godfrey

Nick Godfrey

  • 1 Post
  • 0 Reply Likes
Has the patch to HiveManager been supplied yet? I can't find it anywhere on the website
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
(Edited)
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Nick (Godfrey),
No, we have not yet published the patch for on-premises HiveManager customers. We are working on it and should have done so soon.

Nick (Lowe),
Yes, we are aware of the later CVEs that have been published, and are taking those into account in our plans and work.