I’m posting this quickly for those of you who may not receive the AudioCodes announcements in your email as it is quite important.
The following AudioCodes products include the Bash shell and therefore are affected by the ShellShock exploit. I have been told that the issue is exposed only after a successful user login. Changing the credentials from default is considered an effective interim measure.
- AudioCodes Mediant 8000 and Mediant 5000 Shelf Controllers (SC-2 running Linux)
- AudioCodes EMS (Element Management System) / SEM (Session Experience Manager)
A patch will be released that addresses this threat for customers running version 6.6 or 6.8 and have a current support agreement.
What I wanted to make clear, is that while many AudioCodes products run Linux on the backend (as can be seen in my AudioCodes Mediant Virtual Edition SBC Installation post), they do not include the Bash shell and therefore are not affected.
So, if you’re running a Mediant 500, 800, 1000, 2600, 2000 or 3000 as we commonly see with Microsoft Lync, or a MediaPack gateway, you’re safe. 🙂
The product notice is available on the AudioCodes website, but does require a login: Product Notice #0223 Shellshock Security Threat to AudioCodes Products