
DETECTION OVERVIEW

Shellshock DHCP Exploit Attempt

Risk Factors

The Shellshock vulnerability is well known and trivial to exploit. An attacker with network access to a device can remotely run commands to move laterally across the network.

Kill Chain

Exploitation

Risk Score

87


Attack Background

Shellshock is a remote code execution (RCE) vulnerability in the Bourne-Again shell (Bash) that attackers have been exploiting since 2014. In the DHCP variant of the attack, an attacker-controlled DHCP server is configured to send a response containing a Shellshock payload to a DHCP client, which often runs with elevated privileges that allow the client to modify network interfaces. The malicious payload includes a specific DHCP option with code that has a syntax similar to () { :;}; <exploit command>. The malicious command runs in Bash and creates a shell. The attacker then connects to the shell to remotely run commands on the DHCP client.
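The following is an added example, not code from this page or from the product it describes: a minimal detector that walks the options of a DHCP message and flags any option whose value contains the Bash function-definition prefix "() {". It assumes the input is the raw UDP payload of a DHCP message; the sample packets are constructed, and option code 224 is an arbitrary placeholder from the site-specific range, because the page does not say which option carries the payload.

```python
import re
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131 marker that precedes the options
BOOTP_FIXED_LEN = 236               # fixed BOOTP header that precedes the cookie
# Bash function-definition prefix "() {", tolerating extra whitespace
FUNC_DEF = re.compile(rb"\(\)\s*\{")

def parse_options(payload):
    """Yield (code, value) for each option in a DHCP message's UDP payload."""
    if payload[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4] != MAGIC_COOKIE:
        return                      # not DHCP, or too short to carry options
    i = BOOTP_FIXED_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == 255:             # End option
            return
        if code == 0:               # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return                  # length byte missing: truncated message
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            return                  # value cut short: truncated message
        yield code, value
        i += 2 + length

def suspicious_options(payload):
    """Return every (code, value) whose value looks like a Bash function definition."""
    return [(c, v) for c, v in parse_options(payload) if FUNC_DEF.search(v)]

def build_sample(options):
    """Constructed test message: zeroed BOOTP header, cookie, options, End."""
    body = b"".join(struct.pack("BB", c, len(v)) + v for c, v in options)
    return bytes(BOOTP_FIXED_LEN) + MAGIC_COOKIE + body + b"\xff"

# Constructed samples: option 53 = message type (DHCPACK), 15 = domain name.
BENIGN = build_sample([(53, b"\x05"), (15, b"corp.example")])
# Option 224 is a placeholder code; the value is the pattern quoted on this page.
FLAGGED = build_sample([(53, b"\x05"), (224, b"() { :;}; <exploit command>")])
```

Checking every option rather than one fixed code keeps the rule valid whichever option a rogue server chooses to populate.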

Mitigation Options

Update Bash to 4.3 or later

MITRE ATT&CK ID
