Is OmniCenter vulnerable to the ShellShock BASH exploit?

Short Answer

OmniCenter is NOT vulnerable to this exploit.

In September 2014, the vulnerability CVE-2014-6271 (also known as Shellshock) was discovered in the BASH operating system shell used in most or all versions of Linux (as well as Mac OS X). Netreo evaluated this vulnerability and determined that our products are NOT vulnerable to this exploit. Although the affected version of BASH was present in the version of Linux used by OmniCenter, Netreo uses advanced forms of access security to protect the system from intrusion, and does not use CGI, making it effectively impossible to exploit this vulnerability.

Netreo has also released a patch for OmniCenter systems to remove any possibility of this exploit being exposed in the future.

In practice, the risk of this type of exploit for OmniCenter customers is very low anyway, as OmniCenter is typically deployed behind the customer firewall and is not publicly accessible to outside attackers. OmniCenter also includes intrusion prevention technology to dynamically respond to attempts to gain unauthorized access. Please see the OmniCenter Security page for more information.

If you have any concerns, please feel free to contact Netreo Support.