On September 23rd 2014, a new security vulnerability called Shellshock was discovered. This vulnerability is affecting the internet community. Videxio is making this statement to assure our customer and partner communities that the Videxio service has not been compromised and is not exposed to the Bash vulnerabilities.
The Videxio Cloud Video Service has not been compromised by, and is not exposed to these Bash vulnerabilities.
Two security vulnerabilities in the software shell GNU Bash were made public on 24 September 2014:
- CVE-2014-6271 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=C...
- CVE-2014-7169 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=C...
Videxio Engineering has reviewed the full implementation of the Videxio Cloud Video Service and has not found any services that have been subjected to attacks stemming from either of these GNU Bash vulnerabilities. Precautionary measures have been taken to monitor our services for abnormal activity, and so far nothing has been detected.
The core services which constitute the Videxio Cloud Video Service are in a protected network area where access via the public Internet is tightly restricted and limited only to authorized personnel.
The components of the Videxio Cloud Video Service that are public-facing use secure technologies and have been identified as not vulnerable as the user interaction does not expose user input to Bash.
Conclusion: There are no known issues for the Videxio Cloud Video Service pertaining to the above-mentioned Bash vulnerabilities.
Any questions can be directed to firstname.lastname@example.org.