StorSimple 5000/7000 series and Shell Shock Vulnerability

Recent discovery of a bug in Bash Shell i.e. “Shell Shock Vulnerability” has been in the news and our customers are enquiring about this vulnerability on StorSimple 5000 & 7000 series appliances. Preliminary investigation has shown that StorSimple 5000 & 7000 series appliances are *not* vulnerable to this bug.

Bash Shell on the appliance is not exposed for any automated/user interaction. Shell access using device serial console and SSH exposes users a limited set of commands, thus not exposing this vulnerability. StorSimple Web UI/Interface does not have any CGI Bash scripts that can be exploited with this vulnerability.